QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25081

Published: Mar 8, 2023

Modified: Aug 19, 2024

PUBLISHED

Description

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bitwarden/clients/releases

https://flashpoint.io/blog/bitwarden-password-pilfering/

https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assessment%20Report.pdf

https://news.ycombinator.com/item?id=35075861

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.