Results of Bitwarden security audit published

[harlan4096]

Bitwarden hired the German security company Cure 53 to audit the security of Bitwarden software and technologies used by the password management service.

Bitwarden is a popular choice when it comes to password managers; it is open source, programs are available for all major desktop operating systems, the Android and iOS mobile platforms, the Web, as browser extensions, and even the command line.

Cure 53 was hired to "perform white box penetration testing, source code auditing, and a cryptographic analysis of the Bitwarden ecosystem of applications and associated code libraries".

Bitwarden released a PDF document that highlights the findings of the security company during the audit and the company's response.

The research term uncovered several vulnerabilities and issues in Bitwarden. Bitwarden made changes to its software to address pressing issues immediately; the company changed how login URIs work by limiting allowed protocols.

The company implemented a whitelist that allows the schemes https, ssh, http, ftp, sftp, irc, and chrome only at the point in time and not other schemes such as file.

Full reading: https://www.ghacks.net/2018/11/13/result...published/