this post was submitted on 21 Feb 2024
2 points (100.0% liked)

Bitwarden


Discuss the password manager Bitwarden.

[–] NarrativeBear@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (2 children)

Some phishing websites can call on auto-fill to grab your passwords while presenting themselves as real websites.

This means a phishing link in an email that is supposed to take you to your Gmail login page (as an example) may actually be a fake page that just captured your password. And because the link was sent to your email, the attacker already has your email. The worst part is you may not have noticed your password was just "taken".

[–] cron@feddit.de 0 points 8 months ago

I don't think so. If someone sends you a link to a misspelled PayPal website, the password safe will NOT autofill the password.

[–] HerbalGamer@sh.itjust.works 0 points 8 months ago (1 children)

If I'm entering my details on a phishing website anyway, it shouldn't really matter whether or not I typed it in or used Autofill, right?

[–] cron@feddit.de 0 points 8 months ago* (last edited 8 months ago)

There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.

I don't think that this is a very likely attack, but at least in theory this could work.

Edit: Bitwarden protects against such attacks:

The auto-fill menu will only fill credentials when a user selects a form field they want to interact with. This protects users from potentially malicious form fields or web pages and ensures sensitive information will never be populated without user knowledge.
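
The matching behaviour discussed in this thread, as an added example that is not part of any comment and is not Bitwarden's code: a simplified matcher comparing a saved login URI with the page URL under a "base domain" rule and a stricter "host" rule. The function names and all hosts other than the saved PayPal URI are hypothetical, and the base domain is approximated as the last two host labels (an assumption; a real matcher uses the Public Suffix List).

```javascript
// Added example: simplified URI matching, not Bitwarden's implementation.
// Assumption: "base domain" = last two host labels. A real matcher uses
// the Public Suffix List so that suffixes like co.uk are handled correctly.
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// mode "domain": same base domain, any subdomain may receive the login.
// mode "host":   hostname (and port) must be identical.
function shouldOfferFill(savedUri, pageUrl, mode = "domain") {
  let saved, page;
  try {
    saved = new URL(savedUri);
    page = new URL(pageUrl);
  } catch {
    return false; // unparsable URL: never offer the credential
  }
  if (mode === "host") return saved.host === page.host;
  return baseDomain(saved.hostname) === baseDomain(page.hostname);
}

// Constructed sample data; every host except the saved one is hypothetical.
const SAVED = "https://www.paypal.com/signin";
const PAGES = [
  "https://www.paypal.com/signin",      // the real site
  "https://www.paypa1.com/signin",      // misspelled look-alike domain
  "https://paypal.com.login.example/",  // real name used only as a subdomain label
  "https://user-pages.paypal.com/form", // subdomain carrying third-party content
];

// Returns one boolean per entry in PAGES for the given match mode.
function evaluate(mode) {
  return PAGES.map((page) => shouldOfferFill(SAVED, page, mode));
}

console.log("domain:", evaluate("domain"));
console.log("host:  ", evaluate("host"));
```

Neither rule offers the login to the look-alike hosts. Only the looser rule offers it on the hypothetical subdomain, which is the embedded-form case raised above and the reason a fill that waits for the user to select a field still matters.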