cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
Anyone got a good suggestion for a self hosted option? Ideally one that has a good iOS app and a web interface.
You can self-host Bitwarden. Or there’s the Vaultwarden implementation of the Bitwarden API.
Built on rust you say???
I did not, in fact, say. But they did say that, yes.
Keepass, upload the database file to random free cloud accounts after making changes to the database.
This is foulproof as long as the end-user device doesn’t get hacked, right?
Yes and no. You can store them in a free cloud account, provided you have local copies; there’s a risk your access to the cloud storage could be denied. A security risk is that they could harvest these databases, and decrypt them later.
I think your best bet, if you were to use free services, is to delete old databases from the cloud. Encrypt the new databases with the updated password manager and a new master password.
This is terrible advice, even if I assume you are also using a key-file on a removable usb. An attacker can brute force decrypt your db. There is no rate limiting when you literally have the database file, they could replicate it across thousands of servers each with dozens of cores, each core trying a dozen keyphrases per second. That’s assuming a motivated attacker like a government or crypto scammers, but why open yourself to that possibility?
Why would you do that? Just sync thr database with Syncthing and keep it locally on your devices. I’d never put my pw dB in a publicly available cloud online, even though it’s encrypted.
For backup.
So all of my hard drives and devices are in the same house, if I was sleeping and and house caught on fire and I couldn’t even get my phone in time (just a worst case example), then I lose all my passwords.
Cloud is my “offsite backup”. Cuz where else would I put stuff?
Also: I though you could just safely upload encrypted files to Google Drive, why not a password database? It’s just another encrypted file.
I see. For this scenario, I have another Syncthing server, which is on 24/7, responsible for offsite backups.
Ad encrypted files: true, but why expose them to a potential adversary? If there should be a flaw in the encryption (now or future) the other party already has access to the file.
You probably can’t trust anything if it’s compromised
Yeah, the title there really doesn’t reflect the article text. It should be “you probably can’t trust your password manager if the remote servers it uses are compromised”.
That would be an understatement since all services claim your data is safe even in that case which is not true.
Well the specific point here is that these companies claim that a server hack won’t reveal your passwords since they’re encrypted and decrypted on your local device so the server only sees the encrypted version. Apparently this isn’t completely true.
At the point someone pulls off a valid MIM attack - which is basically a requirement here unless the whole BW/Vaultwarden server gets compromised- that is the least of someones problems. MIMs are incredibily hard these days.
Well if you decrypt the blob on the server they can see it.
There’s something nice about the phrase “decrypt the blob.”
BW06: Icon URL Item Decryption. Items can include a URL field, which is used to autofill the credentials and display an icon on the client. The client decrypts the URL and fetches the icon from the server, including in its request the domain and top-level domain of the URL. For instance, if the URL is “https://host.tld/path”, the client request includes “host.tld”. This means that the adversary can learn (part of) the con- tents of URL fields. Using Attack BW05, an adversary can place the ciphertext of sensitive item fields, such as a user- name or a password, in the encrypted URL field. After fetch- ing the item, the client will then decrypt the ciphertext, confus- ing it for a URL. If the plaintext satisfies some conditions (i.e. containing a ‘.’ and no !), it will be leaked to the adversary. A URL checksum feature was deployed in July 2024, mak- ing the clients store a hash of the URL in another encrypted item field, therefore providing a rudimentary integrity check and preventing this attack. Note that old items are never up- dated to add such a checksum: this feature only protects items created after its introduction. Furthermore, URL checksums are only checked if a per-item key is present for the item. As we will see, an adversary can prevent per-item keys from being enabled with Attack BW10.
IMPACT. The adversary can recover selected target ciphertexts in the item, such as the username or the password.
REQUIREMENTS. The user opens a vault containing items that do not use per-item keys (i.e., items created before July 2024, or after Attack BW10 is run). The target plaintext must satisfy some additional conditions, detailed in Appendix
– from the paper the article is discussing
So you could potentially expose your passwords to a compromised server or some kind of MITM. If they meet the conditions for the validation check, anyway.
My comment was to answer the question of: “Why is this relevant?” (Its been asked a lot). It’s relevant because Bitwarden is claiming that they “cannot see your passwords”.
I didn’t think you were making the post to defend Bitwarden or something. I was just adding the details of one of the exploits the paper found that directly contradicted their claim.
And if the client software itself is compromised then all that is meaningless.
Are you trying to say the front fell off?
That’s not very typical
It wasn’t designed for the front to fall off, that’s for sure!
Well, what sort of standards are these tools built to?
For the front to stay on!
Since the summary doesn’t say which three popular password managers:
As one of the most popular alternatives to Apple and Google’s own password managers, which together dominate the market, the researchers found Bitwarden was most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded in Dashlane.
And glosses over what it claims are the two that dominate market (combined market share of 55%) which negates their headline, since it’s likely the reader is using one of those two password managers.
Anything against keepass
So I chose the worst pick, eh?
No. Because the very nature of passwords and password managers make you immeasurably safer than not using one at all. Password managers in almost all markets detect password compromises and alert you to change them. Doing so is trivial and as long as you catch it in time, you’re much safer and harder to target than almost any other user.
Passwords are like physical locks. Its not about being unpickable or indestructible. Its mostly about raising the barrier of entry high enough that you are an unappealing target. Why would I spend days/weeks/months trying to crack the account of someone using a random string of 14 characters unique to every service and that can change their password within hours or days–when I could instead gain remote access to hundreds of other users that keep a ‘passwords.doc’ file in ~/documents with open permissions? They likely use passwords like ‘Snoopdog2004$’ so they’re easy to brute force, they won’t notice incursions, and can’t easily change passwords that are shared between multiple services.
Next do proton pass
I suggest KeepassXC, I like it. Can use it with TOTP too
Or if you have like $5/mo to spend on a VPS, self-host vaultwarden. It’s compatible with the bitwarden apps and browser plugins.
Keepass + Syncthing for cloudless sync between devices. Dreamteam.
Yess!
I store the keepass vault on my nextcloud
On iOS and macOS, I use Strongbox pro (one time purchase), as it integrates beautifully into the apple ecosystem using its APIs.
On linux and windows free KeepassXC with browser plug-ins
On Android I use the free keePassDX which, like strongbox, uses the android APIs for passwordsSame. My password database never touches a server I don’t own and my keyfile is manually copied between my devices and stored separately from the database file.
You take the good, you take the bad, you take them both and there you have The facts of life, the facts of life.
There’s a time you got to go and show You’re growin’ now you know about The facts of life, the facts of life.
When the world never seems to be livin up to your dreams And suddenly you’re finding out the facts of life are all about you, you.
Let’s expand that specifically generic headline. "“You probably can’t trust anything if it’s been compromised”. More extra non-news at eleven.
I know they’re convenient, but people should really stop using cloud-based password managers and start using local ones. I personally recommend KeepassXC.
How do you recommend people sync between devices? What about devices that, for security reasons, do not allow flash drives or any external device to be plugged in?
You could use Github or similar. Your password file itself requires a password, so as long as the passwords are different you aren’t screwed if Github is compromised.
Either that or you could keep it on your phone and type your password in manually - Keepass lets you generate passphrases which makes typing them a lot easier.
Or you could store it on your own server and VPN in if you’re allowed to. It’s all pretty flexible.
So, absolutely no difference in security compared to having a properly secured self-hosted VaultWarden instance. Gotcha.
In the niche situation of not being allowed to connect USB drives to the computer you’re using? I guess.
There’s nothing stopping you from keeping it on an offline device and typing them in manually.
Syncthing is great for syncing things like keepass dbs
Works on iOS?
There is Synctrain and Möbius Sync. They are not perfect due to iOS restrictions on apps running in the background, but they work well enough as long as I occasionally open them to make sure they sync.
I have my keepass file in a samba share on my raspberry pi running wireguard. But it’s easier just using nextcloud. Anyway, the file is encrypted.
At that point, why bother with the setup of samba shares and nextcloud or syncthing or whatever else and not use VaultWarden with its built in sync over WireGuard/TailScale?
KeePass features a built-in synchronization mechanism. I store my password file on google drive for ease of access on multiple devices. I set up triggers (on save, on custom button) to sync between the local copy and the cloud copy, using this guide: https://keepass.info/help/kb/trigger_examples.html#dbsync
Not a turnkey solution, but once setup it works like a charm.
Sadly this functionality is not included in KeepassXC, so I continue to use the original Keepass for this reason, but I agree, my setup is the same and I’m very happy with it.
And keepass is perfectly cloud ready by placing the kdbx file into your cloud storage and sync using webDav or similar.
Ya think?
Bitwarden. Shit.
These attacks are more around the encryption and all require a fully malicious server. It sounds like Bitwarden is taking these seriously and personally I’d still strongly prefer it to any closed source solution where there could be many more unknown but undiscovered security concerns.
Using a local solution is always most secure, but imo you should first ask yourself if you trust your own security practices and whether you have sufficient hardware redundancy to be actually better. I managed to lose the private key to some Bitcoin about a decade ago due to trying to be clever with encryption and local redundant copies.
Further, with the prevalence of 2FA even if their server was somehow fully compromised as long as you use a different authenticator app than Bitwarden you’re not at major risk anyways. With how poorly the average person manages their password security this hurdle alone is likely enough to stop all but attacks targeted specifically at you as an individual.
Just adding: Passkeys do migitate a lot of these issues as well.
I don’t have the self hosting maturity to share my db across my devices yet. I need to get on that.
If it’s critical, don’t self host it. It’s not worth it.
I know people will argue; I just need something that works and that I don’t have to worry about patching.
With vault/bitwarden the client handles that sharing for you.
Thats really disappointing. At least the selfhosted version means it would have to be a heavily targeted attack.
I don’t think it should be disappointing. Bitwarden welcomes third party security testing, especially given it is open source. The tests done were just tests, and the issues were already fixed.
Yeah, after seeing their response I’m quite satisfied. They’re one of the good guys and I hope it stays that way.
Which in turn is based off of KeePass, right? So double shit?
no, Bitwarden isn’t “based off” anything
Oh my mistake. Not sure why I thought that.
Did you know water is wet?
water ISN’T wet. It makes things wet though.
That is why this article is significant.
I store my passwords on a flash drive with KeepassXC. How about you compromise that server… Oh wait a minute, no server?
As long as your copy isn’t a trojan.
https://cybersecuritynews.com/hackers-weaponize-keepass-password-manager/
So just get it from your repo.
Repos can get / have been hacked/malicious code injected.
So can anything. The article was about people getring compromised copies from malicious websites. The answer to that is to get it from a legirimate source, so if your comeback is the legirimate source can get compromised, the only answer is to not use the fucking internet. What the fuck do you want to hear?
did you miss the part where he said that legitimate sources were… infected?
I got it from my system package manager. I didn’t download it from the web or anything. Sudo apt-get install keepassxc. I also use keepassDX on my phone, pulled from the fdroid repository.
Uhhhh… What even is this headline
People really use these apps? I mean…here are all my passwords? …just like that?
Hell, my kids tutor wanted my bank account to withdraw each month. I said, ‘fuck no…not unless we’re banging each other every night with a prenup!’
Your tutor asked for access… To your bank account?
What’s a
metaphorallegory?
deleted by creator
What do you do? Use one password for everything?
I hope I don’t sound like this when I’m 75
This is it. The most boomer-ass comment of 2026 so far.
Take this moment in, folks.
Use keepass… don’t use your phone for important stuff. I never get calls or texts. I have no friends.
