Bitwarden, LastPass, Dashlane and 1Password vault compromise flaws
Vulnerability
Summary
Bitwarden, LastPass, Dashlane and 1Password were found to have cloud password manager vulnerabilities that could let an attacker view, change, recover, or delete vault passwords. Researchers detailed 27 attack scenarios spanning key escrow, vault encryption, sharing, and backward compatibility weaknesses. The findings undermine the vendors’ zero-knowledge encryption claims and show how server-side manipulation or weak cryptographic binding could expose entire vaults.
Related Happenings
Bitwarden hit by network compromise
Incident
First: 23.04.2026 22:21
Last: 23.04.2026 22:21
Sources 1
About this happening:
**Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...
Bitwarden adds passkey login for Windows 11 sign-in
Security Tool/Service
First: 05.03.2026 00:34
Last: 05.03.2026 00:34
Sources 1
About this happening:
**Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.
Cloud password-manager zero-knowledge attack study exposes vault-recovery and integrity flaws
Technical Analysis
First: 16.02.2026 20:06
Last: 16.02.2026 20:06
Sources 1
About this happening:
A new **password-manager security study** found **25 attack classes** against **Bitwarden**, **LastPass**, **Dashlane**, and **1Password**, undermining **zero-knowledge encryption...
Bitwarden launches Cupid Vault for secure free-plan password sharing
Security Tool/Service
First: 12.02.2026 23:55
Last: 12.02.2026 23:55
Sources 1
About this happening:
**Bitwarden** has launched **Cupid Vault**, a **free-plan** password-sharing feature that creates a **2-person shared vault** for trusted users, reducing the need to share credent...
LastPass impersonation phishing campaign using fake maintenance notices
Campaign
First: 21.01.2026 08:40
Last: 21.01.2026 08:40
Sources 1
About this happening:
An active **LastPass impersonation phishing campaign** is targeting password-manager users with fake maintenance notices to steal **master passwords**. The operation began on or a...
Timeline
- 16.02.2026 19:15 2 articles · 3mo ago
Researchers publish cloud password manager flaw findings
Initial Disclosure: Researchers from ETH Zurich and the Università della Svizzera italiana (USI) published a peer-reviewed paper on February 16, 2026 describing 27 successful attack scenarios against the Bitwarden, LastPass, Dashlane and 1Password cloud-based password managers. The work says flaws such as unauthenticated public keys, lack of ciphertext integrity, insufficient key separation and missing cryptographic binding can let an attacker view, change or recover vault passwords. Bitwarden, LastPass and Dashlane reported that remediation is underway.
Sources
- Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords — www.infosecurity-magazine.com — 16.02.2026 19:15