Bitwarden - The unofficial Bitwarden community
ASK_ME_ABOUT_LOOM
•
1y ago
•
100%
Bitwarden Windows Client vulnerability prior to 2023.4.0: CVE-2023-27706
https://nvd.nist.gov/vuln/detail/CVE-2023-27706
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.
Details here: https://hackerone.com/reports/1874155
(shamelessly stolen from reddit)
Comments 0