Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Bitwarden, LastPass, Dashlane and 1Password were found to have cloud password manager vulnerabilities that could let an attacker view, change, recover, or delete vault passwords. Researchers detailed 27 attack scenarios spanning key escrow, vault encryption, sharing, and backward compatibility weaknesses. The findings undermine the vendors’ zero-knowledge encryption claims and show how server-side manipulation or weak cryptographic binding could expose entire vaults.
Related Happenings
Dashlane personal-plan users' encrypted vault exposure
Data Leak
H score26
First: 02.06.2026 06:55
Last: 02.06.2026 06:55
Sources 1
About this happening:
On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...
Dashlane personal-plan users' encrypted vault exposure
Data LeakAbout this happening: On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...
Dashlane password manager account lockouts from brute-force attacks
Service Disruption
H score12
First: 01.06.2026 21:17
Last: 01.06.2026 21:17
Sources 1
About this happening:
**Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
Dashlane password manager account lockouts from brute-force attacks
Service DisruptionAbout this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
Bitwarden hit by network compromise
Incident
H score34
First: 23.04.2026 22:21
Last: 23.04.2026 22:21
Sources 1
About this happening:
**Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...
Bitwarden hit by network compromise
IncidentAbout this happening: **Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/Service
H score11
First: 05.03.2026 00:34
Last: 05.03.2026 00:34
Sources 1
About this happening:
**Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/ServiceAbout this happening: **Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Cloud password-manager zero-knowledge attack study exposes vault-recovery and integrity flaws
Technical Analysis
H score58
First: 16.02.2026 20:06
Last: 16.02.2026 20:06
Sources 1
About this happening:
A new **password-manager security study** found **25 attack classes** against **Bitwarden**, **LastPass**, **Dashlane**, and **1Password**, undermining **zero-knowledge encryption...
Cloud password-manager zero-knowledge attack study exposes vault-recovery and integrity flaws
Technical AnalysisAbout this happening: A new **password-manager security study** found **25 attack classes** against **Bitwarden**, **LastPass**, **Dashlane**, and **1Password**, undermining **zero-knowledge encryption...
Timeline
-
16.02.2026 19:15 2 articles · 4mo ago
Researchers publish cloud password manager flaw findings
Initial DisclosureResearchers from ETH Zurich and the Università della Svizzera italiana (USI) published a peer-reviewed paper on February 16, 2026 describing 27 successful attack scenarios against Bitwarden, LastPass, Dashlane and 1Password cloud-based password managers; the work says flaws such as unauthenticated public keys, lack of ciphertext integrity, insufficient key separation and missing cryptographic binding can let an attacker view, change or recover vault passwords, and Bitwarden, LastPass and Dashlane reported that remediation is underway.
Show sources
- Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords — www.infosecurity-magazine.com — 16.02.2026 19:15
- Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords — www.infosecurity-magazine.com — 16.02.2026 19:15