A popular password management system contains a flaw that sophisticated hackers could use to achieve remote code execution…
An internet security firm has discovered a new flaw in a popular password management program. If leveraged correctly, it could be used to conduct remote code execution. The researchers warn that the flaw could be used to manipulate the software’s automatic updates to install backdoors into every single installation of the password manager. Hackers could then steal all of the passwords stored in the user’s database.
Bitwarden Password Manager Open to Critical Vulnerability
Keytern.al co-founder Jeffrey Paul is the security professional who first identified the flaw in the password manager Bitwarden. He states that the password management platform’s developers could also be blackmailed into adding a backdoor. But that’s not all. Paul also warns:
“The fact that, of all things, a password manager would grant FULL REMOTE CODE EXECUTION to its developers is insane. The very fact that you would ship a feature like this means you are in no way qualified to hold keys or authentication credentials that allow you to publish a new version that could, at your sole option, backdoor everyone’s installations and steal all the passwords of every single user of this software.”