And yes, if I had a bitwarden vault I wanted to crack I'd absolutely be using the web account login page. The latter is more likely to yield to have some vulnerability than the at-rest encryption, which when exploited would yield the password; or it could scare the target into falling into my PITM attack, or otherwise act irrationally.
What type of vulnerability could the web interface have that the offline password file wouldn't? Unless they have a backdoor. The speed difference would also be tens or millions of times faster.
And yes, if I had a bitwarden vault I wanted to crack I'd absolutely be using the web account login page. The latter is more likely to yield to have some vulnerability than the at-rest encryption, which when exploited would yield the password; or it could scare the target into falling into my PITM attack, or otherwise act irrationally.