Bitwarden initial release
8/2/2023

Curiously, even though they are from distinct domains, the extensions also automatically auto-fill forms that are defined in an embedded iframe.

“While the embedded iframe does not have access to any content in the parent page, it can wait for input to the login form and forward the entered credentials to a remote server without further user interaction”, says Flashpoint.

Flashpoint looked at how frequently iframes are included on login pages of high-traffic websites and found that the small number of risky scenarios significantly reduces the risk.

Indeed, Flashpoint also found a second problem while looking into the iframes issue: Bitwarden would also automatically fill login information on subdomains of the base domain matching a login.

If autofill is enabled, an attacker who hosts a phishing page under a subdomain that corresponds to a login stored for a specific base domain will be able to obtain the credentials from the victim as soon as they arrive at the page.

“Some content hosting providers allow hosting arbitrary content under a subdomain of their official domain, which also serves their login page”, Flashpoint explains. “If you have encountered your fair share of web solutions and content providers, it becomes clear that this poses a problem.”

“As an example, should a company have a login page at and allow users to serve content under, these users are able to steal credentials from the Bitwarden extensions.”

Potential Attack Methods

An unhacked website with the “Auto-fill on page load” option turned on embeds an external iframe that is in the hands of an attacker. The extension then completes the login forms on both the legitimate website and the external iframe.

Using a subdomain of, say, a hosting company which has its login form under the same base domain, an attacker installs a specially crafted web page.
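The two conditions described above (auto-filling into a cross-origin iframe, and matching stored logins by base domain so that any subdomain qualifies) can be modelled as a small autofill policy. The following is an added example written for this page; it is not Bitwarden's code and the function names, the match-type labels and the URLs in it are hypothetical. It shows why a frame whose origin differs from the top-level page should never be filled, and how a base-domain match accepts a user-content subdomain that a host or exact match would reject. The baseDomain helper deliberately uses the last two DNS labels; a real implementation must consult the Public Suffix List instead.

```javascript
// Added illustrative example (not Bitwarden's code). All names are hypothetical.

// Simplified "base domain": the last two labels of the hostname.
// Real implementations must use the Public Suffix List (e.g. "example.co.uk"
// has three labels); this shortcut exists only to keep the demo self-contained.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

// Decide whether a stored login may be auto-filled into a login form.
//   topUrl:    URL of the top-level document the user navigated to
//   frameUrl:  URL of the document that actually contains the form
//   storedUri: URI saved with the vault item
//   matchType: "base_domain" | "host" | "exact" | "never"
// Returns { allow: boolean, reason: string }.
function autofillDecision({ topUrl, frameUrl, storedUri, matchType }) {
  const top = new URL(topUrl);
  const frame = new URL(frameUrl);
  const stored = new URL(storedUri);

  // Condition 1 from the article: a form inside a cross-origin iframe can
  // forward whatever is typed into it, so refuse to fill any frame whose
  // origin differs from the top-level page, regardless of the stored URI.
  if (frame.origin !== top.origin) {
    return { allow: false, reason: "cross-origin iframe" };
  }

  // Condition 2: how loosely the stored URI is matched against the page.
  switch (matchType) {
    case "never":
      return { allow: false, reason: "matching disabled for this item" };
    case "exact":
      return frame.href === stored.href
        ? { allow: true, reason: "exact URL match" }
        : { allow: false, reason: "URL differs from stored URI" };
    case "host":
      return frame.host === stored.host
        ? { allow: true, reason: "host match" }
        : { allow: false, reason: "host differs from stored URI" };
    case "base_domain":
      // Any subdomain of the stored base domain is accepted, which is exactly
      // the behaviour that lets a user-content subdomain receive the fill.
      return baseDomain(frame.hostname) === baseDomain(stored.hostname)
        ? { allow: true, reason: "base-domain match (any subdomain accepted)" }
        : { allow: false, reason: "base domain differs" };
    default:
      throw new Error(`unknown matchType: ${matchType}`);
  }
}

// Constructed scenario: a login stored for login.example.com, a page served
// from a user-content subdomain of the same base domain, and one cross-origin frame.
const scenarios = [
  { topUrl: "https://login.example.com/", frameUrl: "https://attacker.invalid/frame",
    storedUri: "https://login.example.com/", matchType: "base_domain" },
  { topUrl: "https://usercontent.example.com/page", frameUrl: "https://usercontent.example.com/page",
    storedUri: "https://login.example.com/", matchType: "base_domain" },
  { topUrl: "https://usercontent.example.com/page", frameUrl: "https://usercontent.example.com/page",
    storedUri: "https://login.example.com/", matchType: "host" },
];
for (const s of scenarios) {
  console.log(s.frameUrl, s.matchType, autofillDecision(s));
}
```

The third scenario is the setting a user can choose today: switching the vault item from base-domain matching to host matching stops the fill on sibling subdomains, while the first scenario shows that the iframe check must be enforced independently of the match type.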