Major password managers can leak logins in clickjacking attacks
Major password managers can leak logins in clickjacking attacks
www.bleepingcomputer.com
Just a moment...
23 comments
-
-
1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce
-
Wouldn’t the attack need to happen on a subdomain of the site they’re trying to steal credentials for? At least Bitwarden won’t suggest any credentials to autofill otherwise (haven’t tried the others)
-
Once again I am reminded why I always use an adblocker.
-
This is why I tattoo all my passwords backwards on my asscrack
-
Any insight in attacks on the browser password managers themselves?
-
So if I just use the desktop app and not the browser extension then I'm good?
-
That's what I'm getting from this too
-
-
I'm an idiot using bw, do we have much confidence in any means of avoiding this yet or no?
-
The easy-ish way is to use the desktop app, but from the article:
However, Bitwarden told BleepingComputer that the issues have been fixed in version 2025.8.0, rolling out this week.
-
I just now did an update and Bitwarden updated. Linux Mint.
-
Nice, good looking out😎
-
-
23 comments
Once again Keepass proves to be the superior solution.
That's not at all what the article says.
They tested 11 popular password managers, Keepass wasn't one of them.
So if it wasn't even tested for attacks that nearly every other manager fails at least 1 aspect of, then you should assume it's not safe either.
Well, except that the method of exploit was involving the web browser plugin, which isn't a thing Keepass does to begin with.
Just like Craigslist; every ounce of energy out into veneer is energy not in the core product design and maintenance and also adds cost. Minimal, functional, excellent.