by 63 115 days ago
The article is nearly useless for users of the software who want to know how their data may have been affected. The researchers' website is more descriptive, especially wrt specific findings.

https://zkae.io/

3 comments

That's much better, thanks. According to the Bitwarden blog post: https://bitwarden.com/blog/security-through-transparency-eth... which contains its full cryptography report at the end, all the issues have been fixed except a few which are considered part of the design (see below), so if I understand correctly you have nothing to worry about if you don't use organizations and use a strong password.

Issue 5: Organisation Key Injection (Medium)

When users interact with organizations, a trust relationship is established through the exchange of cryptographic keys. A malicious server could add users to arbitrary organizations by encrypting an organization symmetric key under the user's public key and including it in sync responses. The client would silently accept the new organization membership. Alternatively, when a user creates an organization, the malicious server could substitute the newly created organization's keys with attacker-controlled keys during the post-creation sync.

Issue 7: Disable KDF Bruteforce Protection (Low)

Bitwarden uses Password-Based Key Derivation Functions (PBKDF2 or Argon2id) to derive the master key from the user's master password. The iteration count – currently defaulting to 600,000 for PBKDF2 – provides brute-force resistance. The researchers identified that KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count and receive a master key hash that is faster to brute-force.

Issue 9: Malleable Vault Format and Unencrypted Metadata (Low)

The researchers identified that while individual fields are encrypted, metadata about field positions and item structure is not integrity-protected, potentially allowing field reordering or item manipulation

Issue 10: Access Violation in Organisation Collections (Low)

Organization collections enable shared access to vault items among organization members. By design, the organization symmetric key is shared with all organization members, allowing them to access collection contents to which they have specifically been granted access

> KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count

How though, that would also require the client to re-generate the key based on the server setting without the user choosing to do so, does it do that?

Bitwarden's response [1] is interesting.

"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."

They don't expand on what those three are.

1. https://bitwarden.com/blog/security-through-transparency-eth...

For clarity, one of the "Accepted" vulnerabilities is that attackers who control the Bitwarden servers can set the PBKDF iteration count to "1". They set the severity of this to "low".

They've also "accepted" a vulnerability --- BW01 from the paper, I believe --- that allows a malicious server to read all vault items from a user as soon as they accept any invitation (real or not) to an "organization".
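As an added illustration (not part of the thread and not Bitwarden's code), this is one client-side way to mitigate the KDF downgrade discussed above: treat server-supplied KDF settings as untrusted, enforce a floor, and refuse any value lower than one the client pinned locally. The dict field names, the `pbkdf2-sha256` label, the pinning scheme and the use of 600,000 as a hard floor are assumptions of this example, and it covers PBKDF2 only.

```python
import hashlib

# 600,000 is the PBKDF2 default quoted in the thread; using it as a hard
# client-side floor is this example's assumption.
PBKDF2_MIN_ITERATIONS = 600_000


class KdfPolicyError(Exception):
    """Server-supplied KDF settings were rejected before any derivation."""


def check_kdf_settings(server, pinned=None):
    """Validate untrusted KDF settings; return the parameters to use.

    `server` is the (hypothetical) settings dict received from the server.
    `pinned` is what this client stored locally after the last good login.
    """
    kdf, iterations = server.get("kdf"), server.get("iterations")
    if kdf != "pbkdf2-sha256":
        raise KdfPolicyError(f"unsupported KDF: {kdf!r}")
    # type() rather than isinstance(): bool is an int subclass in Python.
    if type(iterations) is not int:
        raise KdfPolicyError("iteration count must be an integer")
    if iterations < PBKDF2_MIN_ITERATIONS:
        raise KdfPolicyError(f"{iterations} iterations is below the floor")
    if pinned is not None and iterations < pinned["iterations"]:
        raise KdfPolicyError("iteration count lower than the pinned value")
    return {"kdf": kdf, "iterations": iterations}


def derive_master_key(password, salt, server, pinned=None):
    """Derive a 32-byte key only after the settings pass the policy."""
    params = check_kdf_settings(server, pinned)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                              params["iterations"], dklen=32)
    return key, params


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    honest = {"kdf": "pbkdf2-sha256", "iterations": 600_000}
    downgraded = {"kdf": "pbkdf2-sha256", "iterations": 1}
    key, pin = derive_master_key("correct horse", "user@example.com", honest)
    print("derived", len(key), "bytes; pinned", pin)
    try:
        derive_master_key("correct horse", "user@example.com", downgraded, pin)
    except KdfPolicyError as err:
        print("rejected:", err)
```

A client that lets users lower the count deliberately would have to update the pin from a local, user-initiated action rather than from the server response.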

You can see them in the report at the bottom, but I counted four. See my post above.

No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data encrypted in such a way that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.

1Password comes out looking relatively good here.