this post was submitted on 21 Feb 2024
76 points (96.3% liked)
Bitwarden
782 readers
1 users here now
Discuss the Paswordmanager Bitwarden.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
if I'm entering my details on a phishing website anyway, it shouldn't really matter wether or not I typed it in or used Autofill, right?
There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.
I don't think that this is a very likely attack, but at least in theory this could work.
Edit: Bitwarden protects against such attacks:
If an attacker can control the content delivered from a valid domain’s web server, nothing at all is going to protect you.