Hacker News
by commandersaki 122 days ago
They did find a pretty gaping vulnerability for 1Password, but AgileBits (the creator of 1P) already knew about it.

It's called a vault substitution attack, and it allows a malicious server to replace the contents of a shared vault but also learn of any new items entered into that shared vault. The fix is pretty trivial from a cryptography perspective, but it would probably require significant changes in 1P applications and architecture/protocols.