Y
Hacker News
new
|
ask
|
show
|
jobs
by
ronnier
301 days ago
Yeah if an attacker was able to insert javascript then it's possible.
2 comments
blr_lpm
301 days ago
For this particular threat vector, where the client is compromised, the backend doesn’t matter.
link
franga2000
301 days ago
A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.
link
9cb14c1ec0
301 days ago
Which is only possible if logging into the web client and not when using the bitwarden desktop app or browser extensions.
link