Forwarded from BlackBox (Security) Archiv
Bitwarden leaks passwords to other subdomains
Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.
π ππΌ https://nitter.net/RitzmannMarkus/status/1307614248835731456
#bitwarden #leak #password #subdomains
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.
π ππΌ https://nitter.net/RitzmannMarkus/status/1307614248835731456
#bitwarden #leak #password #subdomains
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
Nitter
Markus Ritzmann (@RitzmannMarkus)
Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automaticallyβ¦