New study finds password recovery issues in major cloud-based password managers

A new academic study has found that several major cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions.

The research, conducted by scientists from ETH Zurich and Università della Svizzera italiana, examined how the services implement zero-knowledge encryption (ZKE), a cryptographic approach designed to ensure that only users (not service providers) can access stored vault data. The researchers modeled a scenario involving a malicious server and evaluated whether the vendors’ ZKE claims held up under adversarial conditions.

“They [researchers] set up their own servers that behave like a hacked password manager server. They proceeded on the assumption that, following an attack, the servers behave maliciously (malicious server threat model), and when interacting with clients, such as a web browser, they deviate arbitrarily from the expected behaviour,” the paper explains.

The team demonstrated 12 different attacks affecting Bitwarden, seven impacting LastPass, and six targeting Dashlane. The issues span a wide spectrum, from targeted vault integrity violations to the potential compromise of all vaults within an organization. Collectively, the affected password managers serve more than 60 million users and nearly 125,000 businesses worldwide.

The attacks fall into four main categories. Some exploit weaknesses in “key escrow” account recovery mechanisms in Bitwarden and LastPass, potentially undermining confidentiality protections. Others take advantage of flawed item-level encryption practices, where vault items and sensitive settings are encrypted separately and combined with unencrypted or unauthenticated metadata, allowing metadata leakage, field swapping, and downgrade attacks. Additional attack methods leverage sharing features to compromise vault integrity and confidentiality, while a separate set exploits backward compatibility with legacy code, particularly in Bitwarden and Dashlane.
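The item-level encryption point above, as an added illustration that is not from the study or from any vendor's code: each vault field is encrypted separately next to plaintext metadata (item id, field name, schema version) held by the server. The constructed example below shows that when that metadata is not bound to the ciphertext, a server can relabel one field's ciphertext as another field without the client noticing, and that binding the metadata as AES-GCM associated data (the schema version included, which also covers version downgrades) makes the client reject the mismatch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Field is one encrypted vault field (constructed example): plaintext metadata
// that the server stores and controls, next to an AES-GCM ciphertext.
type Field struct {
	ItemID, Name, Version string
	Nonce, Ciphertext     []byte
}

// aad is the metadata bound as associated data; nil models an unauthenticated design.
func aad(f Field, bind bool) []byte {
	if !bind {
		return nil
	}
	return []byte(f.ItemID + "|" + f.Name + "|" + f.Version)
}

func encryptField(g cipher.AEAD, id, name, ver string, value []byte, bind bool) Field {
	f := Field{ItemID: id, Name: name, Version: ver, Nonce: make([]byte, g.NonceSize())}
	if _, err := rand.Read(f.Nonce); err != nil {
		panic(err)
	}
	f.Ciphertext = g.Seal(nil, f.Nonce, value, aad(f, bind))
	return f
}

// swapSurvives encrypts a username and password for one item, relabels the password
// ciphertext as "username" (the server stores labels in clear) and reports if it decrypts.
func swapSurvives(bind bool) bool {
	block, _ := aes.NewCipher([]byte("0123456789abcdef0123456789abcdef")) // constructed key
	g, _ := cipher.NewGCM(block)
	user := encryptField(g, "item-1", "username", "v2", []byte("alice"), bind)
	pass := encryptField(g, "item-1", "password", "v2", []byte("hunter2"), bind)
	relabeled := Field{ItemID: user.ItemID, Name: user.Name, Version: user.Version,
		Nonce: pass.Nonce, Ciphertext: pass.Ciphertext}
	_, err := g.Open(nil, relabeled.Nonce, relabeled.Ciphertext, aad(relabeled, bind))
	return err == nil // true: swap goes unnoticed; false: GCM rejects the mismatch
}

func main() {
	fmt.Println("metadata unauthenticated, swap accepted:", swapSurvives(false)) // true
	fmt.Println("metadata bound as AAD, swap accepted:", swapSurvives(true))     // false
}
```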

The researchers said they contacted the vendors about the issues and gave them 90 days to fix the vulnerabilities before publishing the results of their research.

“Discussions with the developers of these password managers showed that they are very hesitant when it comes to system updates, as they worry that their customers could lose access to their passwords and other personal data,” the researchers noted. “Alongside millions of private individuals, this customer base also includes thousands of companies that entrust the providers with all of their password management. It is not difficult to imagine what would happen if they suddenly lost access to their data. Many providers therefore stick to cryptographic technologies from the 90s, even though these have long been obsolete.”