Bitwarden

772 readers

1 users here now

Discuss the Paswordmanager Bitwarden.

founded 1 year ago

MODERATORS

[email protected]

Question about autofill security (lemmy.thewooskeys.com)

submitted 3 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

I understand that if you have Bitwarden (or any password manager or browser) configured to autofill your password when it encounters a "password" field on a web form, an easy exploit is for the web form to have hidden form fields (e.g., address, phone, email, ssn) and your autofill app will fill in your info into those fields, even though you only wanted it to autofill the login.

But when you have autofill turned off and you click in a form's "login" field and select a login from Bitwrden's contextual menu, Bitwarden automatically also fills in the "Password" field. Does this mean that the exploit exists even if autofill is turned off, as long as you're using any form of an "auto-fill" function?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 3 months ago

as far as i know, bitwarden stores data on a per-site basis, so unless you saved custom fields for that specific site in the past the app won't give it private data from another site