[fullstop]

Bitwarden's response [1] is interesting.

"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."

They don't expand on what those three are.

1. https://bitwarden.com/blog/security-through-transparency-eth...

[tptacek]

For clarity, one of the "Accepted" vulnerabilities is that attackers who control the Bitwarden servers can set the PBKDF iteration count to "1". They set the severity of this to "low".

They've also "accepted" a vulnerability --- BW01 from the paper, I believe --- that allows a malicious server to read all vault items from a user as soon as they accept any invitation (real or not) to an "organization".

[hleszek]

you can see them in the report at the bottom, but I counted four. See my post above.

[OutOfHere]

No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data is encrypted in a way such that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.