Bitwarden and Dashlane fix password bug on insecure sites
Password managers Bitwarden and Dashlane have fixed a bug that allowed users to accidentally enter passwords on sandboxed sites. Safari was also vulnerable; it is unknown if Apple has fixed its browser.
Login
Bitwarden has fixed its software and Dashlane notes that it did not see a critical problem in the bug found by Google researchers, reports The Daily Swig. Due to the bug, the password managers mistakenly entered the passwords on unsafe sites, says Google. As a result, those passwords could end up in the wrong hands. It is unknown if the vulnerability has been actively exploited.
Google published the leak last week, three months after it notified affected password managers. Other password managers such as LastPass and 1Password did not have the bug, and browsers Edge and Chrome were not vulnerable either, Google says. Password managers shouldn’t automatically fill in passwords when a page or form is sandboxed, and many password managers do.