A group of academic security researchers have detailed a set of vulnerabilities in four popular cloud-based password managers that could allow an attacker to view and change the passwords stored in a victim’s vaults.
The researchers, from ETH Zurich and the Università della Svizzera italiana (USI), in Switzerland, developed 27 successful attack scenarios targeting cloud-based password management services from Bitwarden, LastPass, Dashlane and 1Password.
The attacks ranged in severity from integrity violations to the complete compromise of all vaults in an organization, with many of these scenarios allowing attackers to recover passwords.
These attack scenarios challenged the password management providers’ claims of offering ‘zero-knowledge encryption,’ which conveys the idea that the server storing the user vaults cannot learn anything about its contents, even if it is compromised.
The findings were published in a peer-reviewed paper released on February 16 and will be the subject of a talk at the next USENIX Security Symposium, which will be held in Baltimore, MD in August 2026.
Attacking End-to-End Encryption Claims
The 27 attack scenarios developed by the researchers revealed common design anti-patterns and cryptographic misconceptions, including unauthenticated public keys, lack of ciphertext integrity, insufficient key separation and missing cryptographic binding between data and metadata.
They fell into four categories based on the password manager feature they exploited:
- Key escrow: full vault compromise via unauthenticated key escrow and account recovery features (four successful attacks: three against Bitwarden, one against LastPass)
- Vault encryption: integrity violations, metadata leakage, field swapping and key derivation function (KDF) downgrade through flawed item-level encryption (11 successful attacks: five against LastPass, four against Bitwarden, one against Dashlane and one against 1Password)
- Sharing: organization and shared vault compromise via unauthenticated public keys (five successful attacks: two against Bitwarden, one against LastPass, one against Dashlane, one against 1Password)
- Backwards compatibility: downgrade to insecure legacy encryption, enabling confidentiality loss and brute-force attacks (seven successful attacks: four against Dashlane, three against Bitwarden)
In total, the researchers presented 12 distinct attack scenarios against Bitwarden, seven against LastPass, six against Dashlane and two against 1Password.
They noted that, unlike the other three password managers, 1Password includes a high-entropy cryptographic key in the key derivation – which the company calls a “secret key” – alongside the master password a user needs to access its vaults and passwords.
This gives 1Password a security advantage and means “brute-force attacks should be out of reach,” the researchers added.
Kenneth Paterson, professor at ETH Zurich’s Department of Computer Science and one of the lead authors of the paper, said that he and his colleagues were “surprised by the severity of the security vulnerabilities.”
He explained that his team had already discovered similar vulnerabilities in other cloud-based services but had assumed a significantly higher standard of security for password managers due to the critical data they store.
“Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before,” he said.
Malicious Auto-Enrolment Against Bitwarden
An example of an attack developed by the researchers was a ‘malicious auto-enrolment’ attack against a cloud-based Bitwarden vault (BW01).
This exploited a critical flaw in Bitwarden’s organization onboarding process, where an adversary controlling the server could silently hijack a user’s vault the moment they accepted an invitation, even from a trusted source.
The core issue was the lack of integrity protection for organization data fetched during onboarding, including policies and cryptographic keys. When a user joins an organization, their client blindly trusts the server’s response, allowing an attacker to manipulate it.
By enabling auto-enrolment in the account recovery policy and swapping the organization’s legitimate public key with their own, an attacker could force the client to encrypt the user’s master key under the malicious key, handing it over without resistance.
The attack unfolds in three key steps.
- The adversary intercepts the user’s request to join the organization, replacing the server’s response with a tampered policy (setting auto-enrolment to true) and a forged public key
- The client, unaware of the deception, encrypts the user’s master key under the attacker’s key and sends it back as an ‘account recovery ciphertext’
- Finally, the attacker decrypts this ciphertext using their private key, exposing the master key
With the user’s master key in hand, the attacker could gain full access to all stored passwords, notes, and sensitive data, as well as the ability to modify or delete entries undetected.
The impact can be severe: a single compromised server can lead to the mass compromise of users, even if they join legitimate, trusted organizations.
Worse, the attack scales exponentially. If an attacker breaches one user in an organization, they gain access to the organization’s private key, which could be shared among several members of their team.
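The onboarding flow above, modelled as an added example that is not code from the paper or from Bitwarden: a client that escrows its master key under whatever recovery public key the server returns, beside one that only escrows under a key whose SHA-256 fingerprint was pinned from the invitation and that requires an explicit user decision. The fingerprint-in-invitation mechanism and the key-wrapping stand-in are assumptions made for the model; they are not any vendor's actual protocol.

```python
"""Model of the BW01 onboarding step: naive versus pinned client behaviour.

Stdlib only. wrap_master_key() is a constructed stand-in for real
public-key encryption; it only records which key a ciphertext is bound to.
"""
import hashlib
import hmac


class UntrustedRecoveryKey(Exception):
    """The served recovery public key does not match the pinned fingerprint."""


def fingerprint(public_key: bytes) -> str:
    # Assumption: the invitation carries a SHA-256 fingerprint of the
    # organization's account-recovery public key, obtained from the inviter
    # rather than from the server response being checked.
    return hashlib.sha256(public_key).hexdigest()


def wrap_master_key(public_key: bytes, master_key: bytes) -> dict:
    # Stand-in for encrypting the master key to a public key (constructed).
    blob = hashlib.sha256(public_key + master_key).digest()
    return {"for_key": fingerprint(public_key), "blob": blob}


def auto_enroll_requested(response: dict) -> bool:
    policy = response.get("policies", {}).get("account_recovery", {})
    return bool(policy.get("auto_enroll"))


def naive_enroll(response: dict, master_key: bytes):
    """Vulnerable pattern: policy and public key are taken from the server as-is."""
    if not auto_enroll_requested(response):
        return None
    return wrap_master_key(response["recovery_public_key"], master_key)


def pinned_enroll(response: dict, master_key: bytes, pinned_fp: str, user_consents):
    """Hardened pattern: escrow only under the pinned key, and only with consent.

    user_consents is a callable returning True when the user approved escrow.
    """
    if not auto_enroll_requested(response):
        return None
    served = response["recovery_public_key"]
    if not hmac.compare_digest(fingerprint(served), pinned_fp):
        raise UntrustedRecoveryKey("served recovery key differs from pinned fingerprint")
    if not user_consents():
        return None
    return wrap_master_key(served, master_key)
```

Run against a tampered response, the naive client returns a ciphertext bound to the substituted key, while the pinned client raises UntrustedRecoveryKey before any escrow happens.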
Remediation Underway at Bitwarden, LastPass and Dashlane
The researchers disclosed their findings to Bitwarden, LastPass and Dashlane through a coordinated 90-day disclosure process that included detailed descriptions of all vulnerabilities.
They also offered support through video conferences, email exchanges and patch review.
All three vendors notified the researchers that remediation of these vulnerabilities is underway.
1Password, also made aware of the two attack scenarios performed by the researchers against their services, did not request an embargo period but said the company regards the vulnerabilities as “arising from already known architectural limitations.”
The researchers noted that they have “no reason to believe” that the password manager vendors are currently malicious or compromised and that passwords “are safe as long as things stay that way.”
“That said, password managers are high-value targets, and breaches do happen,” the researchers added.
Mitigation Recommendations
In the scientific paper, the researchers said their attacks can all be mitigated using a combination of authentication methods, such as authenticated encryption, key separation, plaintext authentication, public key authentication and ciphertext authentication.
Users of Bitwarden, LastPass or Dashlane are advised to check the remediation status of their providers.
Users of other password managers can see if their passwords could be compromised by similar attacks by asking their providers to commission an audit or asking the following questions:
- Do you offer end-to-end encryption? What security do you provide in case your server infrastructure was to be compromised?
- How do you check that public keys and public-key ciphertexts are authentic?
- How do you authenticate security-critical settings, such as the KDF type and the iteration count?
- Do you provide integrity guarantees for a user's vault as a whole? Can a malicious server add items to your vault?