by firstlink
1105 days ago
E.g. PITM attack on password reset endpoints. And yes, if I had a Bitwarden vault I wanted to crack I'd absolutely be using the web account login page. The latter is more likely to have some vulnerability than the at-rest encryption, which when exploited would yield the password; or it could scare the target into falling into my PITM attack, or otherwise acting irrationally.
What type of vulnerability could the web interface have that the offline password file wouldn't? Unless they have a backdoor. The speed difference would also be tens or millions of times faster.