Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Published: February 16, 2026, 01:06 PM EST

Source: The Hacker News

Overview

A new study has found that multiple cloud‑based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password‑recovery attacks when the vendor's own server is malicious or has been compromised.

“The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. “The majority of the attacks allow the recovery of passwords.”

The threat model in the study, from ETH Zurich and Università della Svizzera italiana, assumes a malicious server and tests the zero‑knowledge encryption (ZKE) promise the vendors make. In this context "zero knowledge" means that the provider's servers never hold the master password, the vault key, or the plaintext vault: encryption and decryption happen only on the client, so even a compromised server should learn nothing about the contents. The term is borrowed from, but should not be confused with, zero‑knowledge proofs, in which one party proves knowledge of a secret without revealing it.

ZKE overlaps with end‑to‑end encryption (E2EE) rather than differing from it in kind. E2EE usually describes data encrypted on one user's device and decrypted on another's; ZKE, as password‑manager vendors use it, describes the same property for data stored at rest in the provider's cloud, where the only endpoints are the user's own devices. In both cases the guarantee is about confidentiality: the provider cannot read the vault. It says nothing by itself about integrity, and that is the gap the research exploits: a server that cannot read a vault may still be able to modify, relabel, or downgrade what is stored in it.

However, the latest research uncovered:

  • 12 distinct attacks against Bitwarden
  • 7 attacks against LastPass
  • 6 attacks against Dashlane

These attacks range from integrity violations of targeted user vaults to a total compromise of all vaults associated with an organization. Collectively, the three solutions serve over 60 million users and nearly 125,000 businesses.

“Despite vendors’ attempts to achieve security in this setting, we uncover several common design anti‑patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers wrote in an accompanying paper.

Attack categories

  1. Key‑escrow attacks – Exploit the key‑escrow account‑recovery mechanism, in which a copy of the user's vault key is held so that an organization administrator can reset the account, to break the confidentiality guarantees of Bitwarden and LastPass; the flaws lie in how the escrow itself is designed.
  2. Item‑level encryption attacks – Target the practice of encrypting each vault item, field, and sensitive user setting as a separate object while leaving metadata such as item identifiers, field names, and KDF parameters unencrypted or unauthenticated. Because nothing binds a ciphertext to the item and field it belongs to, a malicious server can cause integrity violations, leak metadata, swap fields between positions, and downgrade the KDF.
  3. Sharing‑feature attacks – Abuse sharing functionality to compromise vault integrity and confidentiality.
  4. Legacy‑code downgrade attacks – Leverage backwards‑compatibility with legacy code to perform downgrade attacks in Bitwarden and Dashlane.
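
Category 2 is the one a practitioner can reproduce in a few lines. The following Go program is an added example written for this page, not code from any of the vendors or from the paper. It models a vault item as a set of independently AES‑GCM‑encrypted fields plus unencrypted metadata, lets a "malicious server" relabel two ciphertexts, and shows that the client accepts the result unless the item ID and field name were bound to each ciphertext as associated data (AAD). The item structure, field names, key, and sample values are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Field is one encrypted vault field as the server stores it.
type Field struct {
	Nonce, Ciphertext []byte // AES-GCM output, 16-byte tag appended
}

// Item is a vault item: unencrypted metadata (ID, field names) plus per-field
// ciphertexts. Constructed model of the item-level pattern, not a vendor schema.
type Item struct {
	ID     string
	Fields map[string]Field
}

// bindingAAD ties a ciphertext to its item and field. GCM authenticates it without
// encrypting it: the server still sees the metadata but cannot relabel the ciphertext.
func bindingAAD(itemID, field string) []byte {
	return []byte(itemID + "\x00" + field)
}

// encryptItem encrypts each field separately. bind=false is the weak pattern
// (independent ciphertexts, metadata unauthenticated); bind=true adds the AAD.
func encryptItem(aead cipher.AEAD, id string, plain map[string]string, bind bool) (Item, error) {
	item := Item{ID: id, Fields: make(map[string]Field, len(plain))}
	for name, value := range plain {
		nonce := make([]byte, aead.NonceSize())
		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
			return Item{}, err
		}
		var aad []byte
		if bind {
			aad = bindingAAD(id, name)
		}
		item.Fields[name] = Field{nonce, aead.Seal(nil, nonce, []byte(value), aad)}
	}
	return item, nil
}

// decryptItem is the client: it keeps no metadata of its own and must trust the
// item ID and field names the server returns, recomputing the AAD from them.
func decryptItem(aead cipher.AEAD, item Item, bind bool) (map[string]string, error) {
	out := make(map[string]string, len(item.Fields))
	for name, f := range item.Fields {
		var aad []byte
		if bind {
			aad = bindingAAD(item.ID, name)
		}
		pt, err := aead.Open(nil, f.Nonce, f.Ciphertext, aad)
		if err != nil {
			return nil, fmt.Errorf("field %q of item %q: %w", name, item.ID, err)
		}
		out[name] = string(pt)
	}
	return out, nil
}

// fieldSwapUndetected plays both sides: the client stores an item, a malicious
// server relabels two ciphertexts, and the client decrypts what comes back. It
// returns true when the swap goes unnoticed and the password lands in the username slot.
func fieldSwapUndetected(bind bool) (bool, error) {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed key; a real client derives it from the master password
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	plain := map[string]string{"uri": "https://bank.example", "username": "alice", "password": "correct horse"}
	item, err := encryptItem(aead, "item-1", plain, bind)
	if err != nil {
		return false, err
	}
	// Malicious server: no key, no plaintext, just the stored blobs under new labels.
	item.Fields["username"], item.Fields["password"] = item.Fields["password"], item.Fields["username"]
	got, err := decryptItem(aead, item, bind)
	if err != nil {
		return false, nil // tag check failed: the client noticed the tampering
	}
	return got["username"] == plain["password"], nil
}

func main() {
	for _, bind := range []bool{false, true} {
		undetected, err := fieldSwapUndetected(bind)
		fmt.Printf("bind=%-5v swap undetected=%-5v err=%v\n", bind, undetected, err)
	}
}
```

With bind=false the client silently shows the password in the username slot, which is the field‑swapping integrity violation the paper describes; with bind=true the GCM tag check fails and the client refuses the item. Note what the AAD does and does not buy: the server still sees item IDs and field names (the metadata leakage is unchanged), it simply can no longer move a ciphertext to a different field or item without detection. Because the item ID is part of the AAD, the same check also defeats moving a ciphertext between two items.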

The study also found that 1Password is vulnerable to both item‑level vault encryption and sharing attacks, though the vendor treats these as arising from already known architectural limitations.

Summary of attacks (table; BW = Bitwarden, LP = LastPass, DL = Dashlane)

When reached for comment, Jacob DePriest, Chief Information Security Officer and Chief Information Officer at 1Password, told The Hacker News that the company’s security team reviewed the paper in detail and found no new attack vectors beyond those already documented in its publicly available Security Design White Paper.

“We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious‑server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on,” DePriest added.

“For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server‑side attacks. More recently, we introduced a new capability for enterprise‑managed credentials, which from the start are created and secured to withstand sophisticated threats.”

As for the rest, Bitwarden, Dashlane, and LastPass have all implemented countermeasures to mitigate the risks highlighted in the research, with LastPass also planning to harden its admin‑password‑reset and sharing workflow.

Additional Details

There is no evidence that any of these issues has been exploited in the wild.

Dashlane

Dashlane patched an issue where a successful compromise of its servers could have allowed a downgrade of the encryption model used to generate encryption keys and protect user vaults. The issue was fixed by removing support for legacy cryptography methods with Dashlane Extension v6.2544.1 (released Nov 2025).

“This downgrade could result in the compromise of a weak or easily guessable Master Password, and the compromise of individual ‘downgraded’ vault items,” Dashlane said.
“This issue was the result of the allowed use of legacy cryptography. This legacy cryptography was supported by Dashlane in certain cases for backwards compatibility and migration flexibility.”
Dashlane security advisory
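
The KDF downgrade listed under the item‑level attacks and the legacy‑cryptography downgrade Dashlane fixed share one root cause: the client lets the server decide how the master password is processed. The following Go snippet is an added example written for this page, not Dashlane's or any other vendor's code; the algorithm names, the parameter floors, and the `legacy-v1` identifier are constructed for the illustration. It shows a client‑side acceptance check that refuses unknown or legacy algorithm identifiers outright (the effect of Dashlane removing legacy cryptography) and, going beyond what the page describes, also refuses any configuration weaker than the one the client last used, so a server cannot walk an existing user back to weak parameters.

```go
package main

import (
	"errors"
	"fmt"
)

// KDFConfig is the key-derivation setup a server hands the client at login.
// Constructed model; the field names are not any vendor's real wire format.
type KDFConfig struct {
	Algorithm  string // "argon2id" or "pbkdf2-sha256"; anything else is treated as legacy
	Iterations int    // Argon2 time cost or PBKDF2 iteration count
	MemoryKiB  int    // Argon2 memory cost; 0 for PBKDF2
}

// floors are the weakest parameters this client will ever run, whatever the server
// claims. Illustrative policy values chosen for the example, not vendor defaults.
var floors = map[string]KDFConfig{
	"argon2id":      {Algorithm: "argon2id", Iterations: 3, MemoryKiB: 64 * 1024},
	"pbkdf2-sha256": {Algorithm: "pbkdf2-sha256", Iterations: 600_000},
}

var (
	ErrUnknownKDF = errors.New("kdf: algorithm not allowed (legacy or unrecognised)")
	ErrBelowFloor = errors.New("kdf: parameters below client floor")
	ErrDowngrade  = errors.New("kdf: weaker than the configuration last accepted")
)

// rank orders algorithm families so that a move from a stronger family to a weaker
// one counts as a downgrade even if the numeric parameters look generous.
func rank(alg string) int {
	switch alg {
	case "argon2id":
		return 2
	case "pbkdf2-sha256":
		return 1
	}
	return 0
}

func atLeast(c, floor KDFConfig) bool {
	return c.Iterations >= floor.Iterations && c.MemoryKiB >= floor.MemoryKiB
}

// AcceptKDF decides whether the client may derive keys with the server-supplied
// config. last is the config this client most recently used with success (nil on a
// fresh install). Acceptance is monotonic: upgrades pass, anything weaker is refused.
func AcceptKDF(server KDFConfig, last *KDFConfig) error {
	floor, ok := floors[server.Algorithm]
	if !ok {
		return ErrUnknownKDF
	}
	if !atLeast(server, floor) {
		return fmt.Errorf("%w: %+v", ErrBelowFloor, server)
	}
	if last != nil {
		if rank(server.Algorithm) < rank(last.Algorithm) {
			return fmt.Errorf("%w: %s -> %s", ErrDowngrade, last.Algorithm, server.Algorithm)
		}
		if server.Algorithm == last.Algorithm && !atLeast(server, *last) {
			return fmt.Errorf("%w: %+v -> %+v", ErrDowngrade, *last, server)
		}
	}
	return nil
}

func main() {
	// Config this client has already used successfully (constructed).
	last := KDFConfig{Algorithm: "argon2id", Iterations: 5, MemoryKiB: 128 * 1024}
	// Configs a malicious or compromised server might send back (constructed cases).
	attempts := []KDFConfig{
		{Algorithm: "argon2id", Iterations: 6, MemoryKiB: 128 * 1024}, // legitimate upgrade
		{Algorithm: "pbkdf2-sha256", Iterations: 1_000},                // below floor
		{Algorithm: "pbkdf2-sha256", Iterations: 600_000},              // family downgrade
		{Algorithm: "argon2id", Iterations: 3, MemoryKiB: 64 * 1024},  // at floor, but weaker than last
		{Algorithm: "legacy-v1", Iterations: 10_000_000},               // legacy identifier
	}
	for _, a := range attempts {
		fmt.Printf("%+v -> %v\n", a, AcceptKDF(a, &last))
	}
}
```

Two details matter for this check to mean anything. First, `last` has to be stored locally on the client; if the "previously used" configuration is itself fetched from the server, a malicious server simply rewrites it. Second, on a fresh device there is no `last`, so only the floors and the algorithm allow‑list protect the user, which is why removing legacy algorithms from the client entirely, as Dashlane did, is the stronger fix.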

Bitwarden

Bitwarden said the reported issues have been reviewed and triaged:

“Seven of which have been resolved or are in active remediation by the Bitwarden team,” the company said.
“The remaining three issues have been accepted as intentional design decisions necessary for product functionality.”
Bitwarden blog post

LastPass

In a similar advisory, LastPass said it is “actively working to add stronger integrity guarantees to better cryptographically bind items, fields, and metadata, thereby helping to maintain integrity assurance.”

LastPass blog post
