Major Password Manager Security Promises Proven False
- Researchers identify 25 security vulnerabilities in the zero-knowledge architectures of Bitwarden, Dashlane, and LastPass.
- A compromised server can bypass vault encryption through unauthenticated key recovery and vault-sharing mechanisms.
- Downgrade attacks let an adversary cut password-hashing iterations by a factor of 300,000, making master passwords cheap to crack.
A recent investigation by researchers at ETH Zurich and USI Lugano undermines the "zero knowledge" claim made by major password managers such as Bitwarden, Dashlane, and LastPass. These platforms promise that vault data is unreadable even by the provider, since every secret is encrypted on the client before it leaves the device. The study identifies 25 vulnerabilities, and in many of them a compromised server (or anyone able to answer in its place) can read or modify vault contents that the zero-knowledge model says the server never sees. The attacker model is therefore exactly the one these products claim to defend against: the server itself is malicious.
The most critical flaws reside in account recovery and vault-sharing mechanisms. Both rely on wrapping vault keys to someone else's public key, and in the flows the researchers studied that public key is fetched from the server without any authentication. A malicious server can substitute its own public key for that of the recipient or recovery contact, so the client wraps the vault key to a key the adversary controls and the adversary can then decrypt and modify the entire vault. These attacks succeed because the clients accept public keys, key-derivation parameters and other configuration from the server without checking them against anything the user controls, blindly trusting the infrastructure they rely on.
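The key-substitution problem in the sharing flow, as an added example that is not code from the paper or from any of the products it covers. It models the sharing step with a toy finite-field Diffie-Hellman group (a 127-bit Mersenne prime, far too small for real use) and a toy XOR-with-hash key wrap, both assumptions made for the demo; the real products use their own key-agreement and wrapping schemes. The point it demonstrates is independent of those details: a client that takes the recipient's public key from the server and nothing else hands the vault key to whoever the server says the recipient is, while a client that checks a fingerprint obtained out of band (hypothetical `pinned_fingerprints`) refuses.

```python
import hashlib
import os

# Toy Diffie-Hellman group for the demo only: the Mersenne prime 2^127 - 1 and
# an arbitrary base. Not suitable for production; sizes are chosen for speed.
P = (1 << 127) - 1
G = 5


def keygen():
    """Return (private, public) for the toy group."""
    priv = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short hash of a public key, the value a user would compare out of band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def wrap_key(sender_priv, sender_pub, peer_pub, vault_key):
    """Wrap a 32-byte vault key to peer_pub (toy: XOR with a hash of the DH secret)."""
    shared = pow(peer_pub, sender_priv, P).to_bytes(16, "big")
    kek = hashlib.sha256(b"wrap|" + shared).digest()
    return {"sender_pub": sender_pub, "wrapped": bytes(a ^ b for a, b in zip(vault_key, kek))}


def unwrap_key(my_priv, share):
    """Recover the vault key from a share message using my private key."""
    shared = pow(share["sender_pub"], my_priv, P).to_bytes(16, "big")
    kek = hashlib.sha256(b"wrap|" + shared).digest()
    return bytes(a ^ b for a, b in zip(share["wrapped"], kek))


class Server:
    """Directory of user public keys. If compromised, it answers with the attacker's key."""

    def __init__(self, directory, attacker_pub=None):
        self.directory = dict(directory)
        self.attacker_pub = attacker_pub

    def get_public_key(self, user):
        # A compromised server ignores the directory and returns the attacker's key.
        return self.attacker_pub if self.attacker_pub is not None else self.directory[user]


def share_vault_key_unverified(server, sender_priv, sender_pub, recipient, vault_key):
    """Vulnerable client: trusts whatever public key the server returns."""
    return wrap_key(sender_priv, sender_pub, server.get_public_key(recipient), vault_key)


def share_vault_key_pinned(server, sender_priv, sender_pub, recipient, vault_key, pinned_fingerprints):
    """Hardened client: refuses unless the served key matches an out-of-band pin."""
    peer_pub = server.get_public_key(recipient)
    if fingerprint(peer_pub) != pinned_fingerprints[recipient]:
        raise ValueError(f"public key for {recipient} does not match the pinned fingerprint")
    return wrap_key(sender_priv, sender_pub, peer_pub, vault_key)


def demo():
    """Run the honest and compromised scenarios; returns results for inspection."""
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    evil_priv, evil_pub = keygen()
    vault_key = os.urandom(32)
    pins = {"bob": fingerprint(bob_pub)}  # assumed to come from an out-of-band check

    honest = Server({"bob": bob_pub})
    share = share_vault_key_unverified(honest, alice_priv, alice_pub, "bob", vault_key)
    bob_gets_honest = unwrap_key(bob_priv, share) == vault_key

    evil = Server({"bob": bob_pub}, attacker_pub=evil_pub)
    share = share_vault_key_unverified(evil, alice_priv, alice_pub, "bob", vault_key)
    attacker_gets = unwrap_key(evil_priv, share) == vault_key
    bob_gets_evil = unwrap_key(bob_priv, share) == vault_key

    try:
        share_vault_key_pinned(evil, alice_priv, alice_pub, "bob", vault_key, pins)
        pinned_rejected = False
    except ValueError:
        pinned_rejected = True
    return bob_gets_honest, attacker_gets, bob_gets_evil, pinned_rejected


if __name__ == "__main__":
    print(demo())  # (True, True, False, True)
```

With the honest server Bob recovers the key; with the compromised server the unverified client wraps the key for the attacker and Bob receives nothing usable, while the pinned client aborts before anything is wrapped. The pin has to come from somewhere the server cannot influence, such as a fingerprint compared in person or a key the client verified and stored earlier.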
Additionally, the research highlights "vault malleability": each field of a vault item is encrypted separately, and the ciphertext is not bound to the field it belongs to, so a malicious server can move encrypted fields between positions and trick the client into leaking their contents. For example, if the server replaces a website's icon URL field with the encrypted password field, the client decrypts the password as if it were a URL and may send it back to the server in the plain when it fetches the icon. Furthermore, because the client derives its master key with whatever iteration count the server reports, an adversary can force a "downgrade" of cryptographic strength, cutting the password-hashing iterations by a factor of 300,000 and making brute-force attacks on the master password trivial. The research shows that even a sound encryption design is vulnerable when the implementation prioritizes convenience over verifying what the server sends.
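Both failure modes in the paragraph above, as an added example that is not code from the paper or from any of the products it describes. The vault-field part uses a toy encrypt-then-MAC scheme built from SHA-256 and HMAC (an assumption for the demo; the real clients use their own cipher suites) to show why an unbound ciphertext can be swapped between fields and how binding the item id and field name into the authenticated data (hypothetical `aad`) makes the swap fail authentication. The key-derivation part shows a client that accepts the server's iteration count as-is beside one that enforces a floor (`MIN_KDF_ITERATIONS`, an assumed value) and never goes below the count it last stored, and it cracks the downgraded key from a small constructed wordlist to show what the downgrade buys the attacker.

```python
import hashlib
import hmac
import os

# ---- toy encrypt-then-MAC with associated data (demo only, not a production AEAD) ----

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(enc_key, mac_key, plaintext, aad):
    """Encrypt plaintext; the tag covers aad, so the ciphertext is bound to that context."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(enc_key, mac_key, blob, aad):
    """Verify the tag under the expected aad before decrypting; raise if it does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# ---- vault items: unbound fields (swappable) vs. fields bound to item id and name ----

def encrypt_item(keys, item_id, fields, bind):
    enc_key, mac_key = keys
    return {name: seal(enc_key, mac_key, value, item_id + b"|" + name.encode() if bind else b"")
            for name, value in fields.items()}


def decrypt_item(keys, item_id, blob, bind):
    enc_key, mac_key = keys
    return {name: open_(enc_key, mac_key, ct, item_id + b"|" + name.encode() if bind else b"")
            for name, ct in blob.items()}


def server_swap(blob, src, dst):
    """What a malicious server does: copy one encrypted field over another."""
    swapped = dict(blob)
    swapped[dst] = blob[src]
    return swapped


def demo_malleability():
    """Returns (value the vulnerable client uses as icon URL, whether the bound client rejected)."""
    keys = (os.urandom(32), os.urandom(32))
    item_id = b"item-0001"
    fields = {"name": b"example.com", "icon_url": b"https://example.com/favicon.ico",
              "password": b"hunter2-correct-horse"}  # constructed sample item
    unbound = server_swap(encrypt_item(keys, item_id, fields, bind=False), "password", "icon_url")
    leaked_url = decrypt_item(keys, item_id, unbound, bind=False)["icon_url"]
    bound = server_swap(encrypt_item(keys, item_id, fields, bind=True), "password", "icon_url")
    try:
        decrypt_item(keys, item_id, bound, bind=True)
        rejected = False
    except ValueError:
        rejected = True
    return leaked_url, rejected


# ---- master-key derivation: trusting the server's iteration count vs. enforcing a floor ----

MIN_KDF_ITERATIONS = 600_000  # assumed client-side floor; the value is the client's choice


def derive_master_key_trusting(password, salt, server_iterations):
    """Vulnerable: uses whatever iteration count the server sent."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, server_iterations)


def derive_master_key_checked(password, salt, server_iterations, last_seen_iterations=0):
    """Hardened: refuses a count below the floor or below what this client last stored."""
    if server_iterations < max(MIN_KDF_ITERATIONS, last_seen_iterations):
        raise ValueError(f"refusing KDF downgrade to {server_iterations} iterations")
    return hashlib.pbkdf2_hmac("sha256", password, salt, server_iterations)


def crack(target_key, salt, iterations, wordlist):
    """Offline guessing against a leaked derived key; cheap once iterations are tiny."""
    for guess in wordlist:
        if hashlib.pbkdf2_hmac("sha256", guess, salt, iterations) == target_key:
            return guess
    return None


def demo_downgrade():
    """Returns (password recovered after the downgrade, whether the checked client refused)."""
    salt, password = os.urandom(16), b"correct horse battery staple"
    wordlist = [b"password", b"letmein", b"correct horse battery staple"]  # constructed
    downgraded = derive_master_key_trusting(password, salt, 2)  # server said: 2 iterations
    recovered = crack(downgraded, salt, 2, wordlist)
    try:
        derive_master_key_checked(password, salt, 2, last_seen_iterations=MIN_KDF_ITERATIONS)
        refused = False
    except ValueError:
        refused = True
    return recovered, refused


if __name__ == "__main__":
    print(demo_malleability())  # (b'hunter2-correct-horse', True)
    print(demo_downgrade())     # (b'correct horse battery staple', True)
```

The swap goes unnoticed in the unbound case because the MAC proves only that the ciphertext was produced under the right key, not that it belongs to this field of this item; once the field name and item id are part of the authenticated data, a relocated ciphertext fails verification. For the KDF, the floor alone is not enough, since a server could still move a user from a high count to the floor; remembering the last accepted count and refusing any decrease closes that gap, at the cost of needing an explicit, user-visible path for legitimate parameter changes.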