Cyber Web Spider Blog – News

Critical Flaws Found in Major Cloud Password Managers

Posted on February 17, 2026 By CWS

Recent research from ETH Zurich has exposed significant weaknesses in three prominent cloud-based password managers: Bitwarden, LastPass, and Dashlane. The study reveals 25 vulnerabilities that could potentially allow unauthorized access to users’ stored passwords and vault data, posing a severe risk to over 60 million users worldwide.

Understanding the Vulnerabilities

The researchers focused on the client-server interactions of these password managers under a fully malicious server threat model. Despite claims of ‘zero-knowledge encryption’ from these services, which supposedly prevent servers from accessing plaintext vault data, the study highlights several failures in maintaining confidentiality and integrity.

The identified attacks fall into four categories: issues with key escrow mechanisms, flaws in item-level vault encryption, exploits of sharing features, and vulnerabilities due to backward compatibility. These weaknesses allow malicious servers to bypass security protocols, potentially compromising entire user vaults.

Detailed Analysis of the Flaws

Key escrow attacks, targeting account recovery and Single Sign-On (SSO) mechanisms, can lead to full vault compromise. In Bitwarden, for instance, unauthenticated keys used in auto-enrollment and key rotation can be exploited. Similarly, LastPass’s password reset processes are vulnerable to attacks.

Item-level encryption flaws result in breaches of data integrity, metadata exposure, and the potential for brute-force attacks. Bitwarden and Dashlane, among others, suffer from issues like field swapping and decryption of sensitive metadata, which weaken their security posture.
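
Added example, not taken from the ETH Zurich study or from any vendor's code: a sketch of why field swapping succeeds when each field's ciphertext is authenticated without its item ID and field name, and how binding that context makes the client reject a swap. It uses only Python's standard library, with HMAC-SHA256 standing in for a vetted AEAD such as AES-GCM; every function name, the item ID and the field values are constructed for illustration.

```python
import hashlib, hmac, os

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def keys_for(vault_key: bytes, item_id: str):
    # Key separation: per-item key, then distinct encryption and MAC keys.
    item_key = prf(vault_key, b"item|" + item_id.encode())
    return prf(item_key, b"enc"), prf(item_key, b"mac")

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC in counter mode); use a vetted AEAD in production.
    blocks = (len(data) + 31) // 32
    ks = b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def context(item_id: str, field: str, bind: bool) -> bytes:
    # Length-prefixed so ("ab", "c") and ("a", "bc") never encode the same.
    if not bind:
        return b""
    parts = [item_id.encode(), field.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def seal_field(vault_key, item_id, field, plaintext, bind=True) -> bytes:
    enc_key, mac_key = keys_for(vault_key, item_id)
    nonce = os.urandom(16)
    ct = xor_stream(enc_key, nonce, plaintext)
    tag = prf(mac_key, context(item_id, field, bind) + nonce + ct)
    return nonce + ct + tag

def open_field(vault_key, item_id, field, blob, bind=True) -> bytes:
    enc_key, mac_key = keys_for(vault_key, item_id)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = prf(mac_key, context(item_id, field, bind) + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: blob is not bound to this item/field")
    return xor_stream(enc_key, nonce, ct)

def swap_demo(bind: bool):
    # Constructed sample vault item; the "server" returns the two blobs exchanged.
    vault_key = os.urandom(32)
    fields = {"username": b"alice", "password": b"correct horse"}
    stored = {f: seal_field(vault_key, "item-1", f, v, bind) for f, v in fields.items()}
    served = {"username": stored["password"], "password": stored["username"]}
    try:
        return open_field(vault_key, "item-1", "username", served["username"], bind)
    except ValueError:
        return None  # client refuses to display the swapped field
```

With `bind=False` the client decrypts the password blob into the username field without error; with `bind=True` the same swapped response fails authentication.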

Impact and Mitigation Strategies

These vulnerabilities are particularly alarming as they often require minimal user interaction to exploit, such as a single login or data synchronization. Researchers have responsibly disclosed these findings, urging vendors to apply critical patches and update their security protocols.

Bitwarden, LastPass, and Dashlane have started implementing fixes, including enhanced key separation and the removal of insecure encryption standards. Users are advised to keep their software updated, use per-item keys if available, and stay informed on security patches to protect their data.

The study underscores the necessity for password managers to adopt formal security models akin to those used in end-to-end encrypted cloud storage. As threats evolve, maintaining robust and up-to-date security measures becomes ever more crucial.
