"Bitwarden Flaw Can Let Hackers Steal Passwords Using iframes"

Bitwarden is a popular open-source password management solution with a web browser extension that stores account usernames and passwords in an encrypted vault. Bitwarden's credential auto-fill functionality exhibits a risky behavior that could allow malicious iframes embedded in legitimate websites to steal users' credentials and deliver them to an attacker. Flashpoint researchers reported the problem, stating that Bitwarden was aware of the issue in 2018 but decided to allow the behavior in order to accommodate legitimate sites that use iframes. Although Bitwarden's auto-fill feature is deactivated by default and the conditions required to exploit it are rare, Flashpoint reports that there are still websites that satisfy those conditions, where motivated threat actors can attempt to exploit the flaw. This article continues to discuss the Bitwarden flaw that can allow hackers to steal passwords via iframes.

Bleeping Computer reports "Bitwarden Flaw Can Let Hackers Steal Passwords Using iframes"

Submitted by Anonymous on