password managers
-
High-severity authentication bypass patched in Passwordstate credential manager, vendor says
Click Studios has released a patch for Passwordstate to fix a high-severity authentication bypass vulnerability that could allow attackers to access the emergency access page and the admin area. The vulnerability affects Passwordstate deployments used by thousands of customers and security professionals, with a CVE identifier not yet assigned. The company has published a forum…
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.
