Threat ID: TL-2026-0122 | Severity: HIGH | Status: ACTIVE
Actor: Academic Research (ETH Zurich) | Motivation: RESEARCH
MITRE Techniques: 19 | Detections: 12 | Affected Users: 60M+
Your password manager's autofill feature is working against you. Researchers at ETH Zurich found that browser-based credential managers leak secrets to subdomains and injected iframes — and that's just the start.
The Applied Cryptography Group demonstrated 25 distinct attacks across Bitwarden, LastPass, and Dashlane that gut the "zero-knowledge encryption" guarantees these platforms advertise to 60 million users and nearly 125,000 businesses. Published at USENIX Security 2026, the research by Matilda Backendal, Matteo Scarlata, Kenneth Paterson, and Giovanni Torrisi reveals that a compromised server — the exact scenario zero-knowledge architecture claims to defend against — can view, modify, and exfiltrate stored passwords from all three platforms. 25 bypasses. Three vendors. Zero knowledge indeed.
Below: the four vulnerability categories, the most impactful attack classes, and production detection queries for identifying exploitation attempts in enterprise environments.
ETH Zurich research publication — 'Password managers less secure than promised' — revealing critical cryptographic implementation flaws in cloud vault architectures.
Executive Summary
- What: 25 cryptographic and design vulnerabilities across three major cloud password managers that bypass zero-knowledge encryption claims, enabling malicious servers to access, modify, and exfiltrate stored credentials
- Who: ETH Zurich Applied Cryptography Group. No known threat actor exploitation in the wild. Responsible disclosure conducted with 90-day vendor notification windows
- Impact: 60+ million users across Bitwarden, LastPass, and Dashlane (23% combined market share). Organizational vault compromise possible through key escrow and sharing flaws
- Status: Partially patched. Bitwarden resolved 7 of 12 issues; LastPass addressing integrity guarantees; Dashlane removed legacy cryptography in Extension 6.2544.1. Several issues remain open
- Detection: 12 production-ready detections available on Threadlinqs Intelligence
Technical Analysis
The research operates under the malicious server threat model — the assumption that a password manager's server has been compromised and deviates from expected behavior during client interactions. This is precisely the scenario that zero-knowledge encryption is designed to mitigate. As Kenneth Paterson stated: "The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable. We have now shown that this is not the case."
The 25 vulnerabilities fall into four categories, each exploiting a different architectural weakness.
Key Escrow Attacks (4 Vulnerabilities)
Key escrow mechanisms — designed for account recovery — introduce trust assumptions that undermine end-to-end encryption. Bitwarden's emergency access and organization key connector features allow malicious auto-enrollment via unauthenticated public keys (BW01), key rotation exploitation (BW02), and KC conversion dialog abuse (BW03). LastPass's password reset flow (LP01) similarly enables complete vault compromise through its recovery key architecture.
The impact is total. An attacker controlling the server injects their own public key into the escrow mechanism and gains decryption access to the entire vault — no master password needed. The attacker owns the box.
How Does Autofill Leak?
Eleven vulnerabilities — the largest category — span all three platforms. These flaws exploit how password managers encrypt individual vault items as separate objects with unencrypted or unauthenticated metadata.
Field swapping (BW04-BW05, LP02, LP05-LP06, DL01) allows a malicious server to swap encrypted fields between vault items. A user opening what appears to be a benign entry may unknowingly auto-fill credentials from a different entry into an attacker-controlled form.
Icon URL leakage (BW06, LP03) transmits plaintext favicon URLs for each vault entry, revealing which services the user stores credentials for — even though the credentials themselves remain encrypted.
KDF downgrade (BW07, LP04) is the most technically severe item-level flaw. 300,000x faster brute-forcing. That's what a malicious server achieves by manipulating the key derivation function parameters — reducing a key stretching operation designed to take hundreds of milliseconds down to sub-microsecond computation. The attacker essentially owns the master password at that point.
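The client-side guard that the downgrade exploits the absence of, as an added example (not code from the paper or from any vendor). The JSON key names follow the prelogin fields the SPL hunt below coalesces on, and PBKDF2-HMAC-SHA256 with the lowercased email as salt is assumed as the Bitwarden-style construction; the sample responses are constructed.

```python
import hashlib
import json
from typing import Optional, Tuple

# Thresholds from the page's detection logic: below 100k iterations is a critical
# downgrade, below 600k (the OWASP PBKDF2-HMAC-SHA256 figure) is suspicious.
CRITICAL_FLOOR = 100_000
SUSPICIOUS_FLOOR = 600_000

def classify_prelogin(response_body: str, pinned_iterations: Optional[int] = None) -> Tuple[str, int]:
    """Classify a prelogin response the way the SPL hunt does, plus a baseline check.
    response_body: JSON text the server returned (constructed samples below).
    pinned_iterations: the count this client last accepted for the account; any drop
    below it is a downgrade even when the absolute value still looks healthy."""
    doc = json.loads(response_body)
    # Key names assumed from the prelogin fields the detection queries coalesce on.
    raw = doc.get("KdfIterations", doc.get("kdfIterations", doc.get("Iterations")))
    if raw is None:
        raise ValueError("no KDF iteration count in response")
    iterations = int(raw)
    if iterations < CRITICAL_FLOOR:
        return "critical_downgrade", iterations
    if pinned_iterations is not None and iterations < pinned_iterations:
        return "downgrade_from_baseline", iterations
    if iterations < SUSPICIOUS_FLOOR:
        return "suspicious_downgrade", iterations
    return "normal", iterations

def derive_master_key(master_password: str, email: str, response_body: str,
                      pinned_iterations: Optional[int] = None) -> bytes:
    """Client-side guard: stretch the master password only with server parameters that
    pass the policy above. PBKDF2-HMAC-SHA256 with the lowercased email as salt is the
    assumed Bitwarden-style construction; the refusal step is what the attack relies on
    being absent."""
    risk, iterations = classify_prelogin(response_body, pinned_iterations)
    if risk != "normal":
        raise ValueError(f"refusing server KDF parameters: {risk} ({iterations} iterations)")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.strip().lower().encode(), iterations, dklen=32)

# Constructed sample responses (not captured from any real server).
SAMPLE_NORMAL = '{"Kdf": 0, "KdfIterations": 600000}'
SAMPLE_CRITICAL = '{"Kdf": 0, "KdfIterations": 2}'
SAMPLE_SUSPICIOUS = '{"Kdf": 0, "KdfIterations": 300000}'
```

Pinning the last accepted iteration count per account is what turns a "looks fine" 600,000 into an alert when the previous baseline was higher.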
AES-CBC malleability (LP05-LP06, DL03-DL06) exploits the lack of authenticated encryption. AES-CBC gives you confidentiality but not integrity — a malicious server can flip ciphertext blocks to alter decrypted plaintext in predictable ways. We observed that Dashlane's legacy CBC implementation is particularly exposed to the "Lucky 64" attack, which exploits 64-bit block collisions in the CBC chain to recover plaintext. Side note: shipping unauthenticated AES-CBC in a password manager in 2026 is a design failure, not just a bug.
Sharing Feature Exploits (4 Vulnerabilities)
Vault sharing features introduce public key exchange between users — and none of the three platforms properly authenticate these keys. Bitwarden allows unauthenticated key injection during organization join flows (BW08-BW09), enabling a malicious server to substitute its own key for a legitimate organization member's key. LastPass (LP07) and Dashlane (DL02) suffer from similar shared vault key overwrite attacks.
One compromised server interaction during an employee onboarding flow. That's all it takes for persistent access to an entire organization's shared vault. Our analysis found that the key exchange in all three platforms flies under the radar of standard DLP and CASB tooling because the traffic itself looks indistinguishable from a normal join flow.
Backwards Compatibility Downgrades (6 Vulnerabilities)
Bitwarden (BW10-BW12) and Dashlane (DL03-DL06) maintain backwards compatibility with legacy encryption modes, creating downgrade paths a malicious server can trigger on demand. The server instructs the client to re-encrypt vault data using AES-CBC instead of the current authenticated encryption scheme — reintroducing vulnerabilities that were supposedly remediated in newer versions. Patched, then unpatched. With one API response.
Dashlane's backwards compatibility with its pre-2023 CBC-based encryption is the most exposed, with six distinct attack paths including the Lucky 64 oracle attack.
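What a client must check to refuse both the unauthenticated-CBC downgrade described above and the malleability attacks on the item level, as an added example that is not code from the paper or from any vendor. The blob layout is modelled on Bitwarden's EncString format (`type.iv|data|mac`, where type 0 is CBC without a MAC and type 2 is CBC with HMAC-SHA256 over iv||data); the MAC key and the "ciphertext" bytes are constructed placeholders.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Bitwarden EncString type identifiers (the "encType":0 value the page's Sigma rule keys on).
AES_CBC_256_B64 = 0              # legacy, no MAC: malleable ciphertext
AES_CBC_256_HMAC_SHA256_B64 = 2  # encrypt-then-MAC: tampering is detectable

def parse_enc_string(s: str) -> Tuple[int, bytes, bytes, Optional[bytes]]:
    """Parse "<type>.<iv_b64>|<data_b64>|<mac_b64>"; the mac part is absent for type 0."""
    type_str, _, body = s.partition(".")
    parts = body.split("|")
    if len(parts) not in (2, 3):
        raise ValueError("malformed EncString")
    iv, data = base64.b64decode(parts[0]), base64.b64decode(parts[1])
    mac = base64.b64decode(parts[2]) if len(parts) == 3 else None
    return int(type_str), iv, data, mac

def check_vault_item(s: str, mac_key: bytes) -> str:
    """Return "ok", "legacy_cbc_downgrade" or "mac_mismatch".
    A client enforcing this never decrypts a type-0 blob (so a server that re-encodes
    items as CBC-without-MAC gets an error, not malleable plaintext) and rejects any
    type-2 blob whose HMAC-SHA256 over iv||data does not verify."""
    enc_type, iv, data, mac = parse_enc_string(s)
    if enc_type == AES_CBC_256_B64 or mac is None:
        return "legacy_cbc_downgrade"
    expected = hmac.new(mac_key, iv + data, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, mac) else "mac_mismatch"

def encode_enc_string(enc_type: int, iv: bytes, data: bytes, mac_key: Optional[bytes]) -> str:
    """Build a sample EncString; a MAC over iv||data is appended only when mac_key is given."""
    parts = [iv, data]
    if mac_key is not None:
        parts.append(hmac.new(mac_key, iv + data, hashlib.sha256).digest())
    return f"{enc_type}." + "|".join(base64.b64encode(p).decode() for p in parts)

# Constructed samples: the key and the "ciphertext" are placeholders, not real vault data.
MAC_KEY = hashlib.sha256(b"constructed-mac-key").digest()
IV, DATA = bytes(range(16)), bytes(32)
SAMPLE_OK = encode_enc_string(AES_CBC_256_HMAC_SHA256_B64, IV, DATA, MAC_KEY)
SAMPLE_LEGACY = encode_enc_string(AES_CBC_256_B64, IV, DATA, None)
# The same item after one IV bit was changed in transit (under CBC that flips a plaintext
# bit in block 1); the original MAC is carried over, so only the MAC check can catch it.
TAMPERED_IV = bytes([IV[0] ^ 0x01]) + IV[1:]
SAMPLE_TAMPERED = encode_enc_string(AES_CBC_256_HMAC_SHA256_B64, TAMPERED_IV, DATA, None) + "|" + SAMPLE_OK.split("|")[2]
```

The type-0 branch is the whole point of the patch timeline above: once a client refuses to decrypt unauthenticated blobs, the server can no longer "unpatch" the vault with one API response.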
The Hacker News covering the ETH Zurich study uncovering 25 password recovery attacks — AES-CBC malleability, KDF downgrade, and unauthenticated public key vectors.
Detection
Catching exploitation here means monitoring for anomalous password manager client-server interactions, KDF parameter changes, and encryption mode downgrades. None of it is noisy in normal traffic — which is exactly why detection engineering matters. Threadlinqs Intelligence provides 12 production-ready detection rules.
Splunk SPL
Hunt for KDF parameter downgrade attempts — the 300,000x brute-force acceleration attack affecting Bitwarden and LastPass.
```spl
index=proxy OR index=web sourcetype=stream:http
| where (uri_path LIKE "%/api/accounts/prelogin%" OR uri_path LIKE "%/identity/accounts/prelogin%"
    OR uri_path LIKE "%/iterations.php%")
| spath input=response_body
```` spath extracts strings; cast so the thresholds compare numerically, not lexically ```
| eval kdf_iterations=tonumber(coalesce('KdfIterations', 'Iterations', 'kdf.iterations'))
| where isnotnull(kdf_iterations)
| eval kdf_risk=case(
    kdf_iterations < 100000, "critical_downgrade",
    kdf_iterations < 600000, "suspicious_downgrade",
    true(), "normal")
| where kdf_risk IN ("critical_downgrade", "suspicious_downgrade")
| stats count earliest(_time) as first_seen latest(_time) as last_seen
    values(src_ip) as source_ips values(kdf_iterations) as kdf_values by dest_ip, uri_path
```
This SPL query flags bursts of organization key-exchange calls from one source, the pattern a key injection attempt leaves during Bitwarden join flows.
```spl
index=proxy OR index=web sourcetype=stream:http
| where (uri_path LIKE "%/api/organizations/%/keys%" OR uri_path LIKE "%/api/organizations/%/users/confirm%")
    AND http_method IN ("POST", "PUT")
```` more than three key-exchange calls from one client within any 5-minute window ```
| bin _time span=5m
| stats count values(uri_path) as endpoints values(status) as codes by src_ip, _time
| where count > 3
| eval alert_msg="Rapid organization key exchange activity — potential key injection"
```
Microsoft KQL
This KQL query surfaces anomalous vault sync volume per device, the traffic signature that accompanies bulk field swapping, encryption mode changes, and suspicious metadata modifications pushed by a malicious server.
```kql
let password_manager_domains = dynamic([
    "vault.bitwarden.com", "vault.bitwarden.eu",
    "lastpass.com", "accounts.lastpass.com",
    "app.dashlane.com", "ws1.dashlane.com"
]);
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where RemoteUrl has_any (password_manager_domains)
| where ActionType in ("ConnectionSuccess", "HttpConnectionInspected")
// DeviceNetworkEvents carries no byte counts, so volume is measured as requests per hour
| summarize
    RequestCount=count(),
    UniqueEndpoints=dcount(RemoteUrl)
    by DeviceName, bin(Timestamp, 1h)
| where RequestCount > 100
| extend AlertType="anomalous_vault_sync"
```
Sigma
This Sigma rule detects AES-CBC encryption mode downgrade indicators in password manager client traffic as seen by a proxy.
```yaml
title: Password Manager Encryption Mode Downgrade Detection
id: 4a8c3f1e-7d2b-4e9a-b6c5-8f1a2d3e4b5c
status: experimental
description: >
  Detects indicators of AES-CBC downgrade attacks against cloud
  password managers. Monitors for legacy encryption mode negotiation
  and KDF parameter manipulation in client-server communication.
references:
  - https://intel.threadlinqs.com/#TL-2026-0122
  - https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html
author: Threadlinqs Intelligence
date: 2026/02/22
tags:
  - attack.credential_access
  - attack.t1555.005
  - attack.defense_evasion
  - attack.t1600.001
  - attack.t1562.010
logsource:
  category: proxy
  product: any
detection:
  # Every successful prelogin matches this selection; it scopes the hunt, and the
  # iteration-count threshold must be applied downstream (see the SPL query above).
  sel_kdf_downgrade:
    c-uri|contains:
      - '/api/accounts/prelogin'
      - '/iterations.php'
      - '/v1/authentication/GetIterationCount'
    sc-status: 200
  sel_cbc_mode:
    c-uri|contains:
      - '/api/ciphers'
      - '/getaccts.php'
    # response_body is not part of the Sigma proxy taxonomy; map it to the field
    # your backend uses for inspected HTTP response bodies.
    response_body|contains:
      - '"encType":0'
      - '"EncType":0'
      - '"encryption":"aes-cbc"'
  condition: sel_kdf_downgrade or sel_cbc_mode
falsepositives:
  - Legacy password manager clients that legitimately use older encryption modes
  - First-time vault migrations between encryption schemes
level: high
```
Browse all 12 detection rules for this threat: View on Threadlinqs Intelligence
Academic paper 'Zero Knowledge (About) Encryption' — a comparative security analysis of three cloud-based password manager architectures serving 60M+ users.
Indicators of Compromise
Behavioral Indicators
| Category | Indicator | Context |
|---|---|---|
| KDF Downgrade | KDF iterations below 100,000 in prelogin response | 300,000x brute-force acceleration |
| Encryption Downgrade | encType: 0 (AES-CBC-256-B64) in cipher responses | Legacy mode reintroduction |
| Key Injection | Unauthenticated public key in organization join response | Key escrow exploitation |
| Field Swap | Vault item encrypted field mismatch after sync | Item-level integrity violation |
| Icon Leak | Plaintext favicon URLs in vault item metadata | Service usage disclosure |
| Bulk Export | Abnormal vault export volume from single account | Post-compromise exfiltration |
Network Indicators
| Type | Indicator | Context |
|---|---|---|
| API Endpoint | /api/accounts/prelogin | KDF parameter negotiation (Bitwarden) |
| API Endpoint | /iterations.php | KDF parameter negotiation (LastPass) |
| API Endpoint | /api/organizations//keys | Organization key exchange (Bitwarden) |
| API Endpoint | /api/ciphers/import | Bulk vault manipulation endpoint |
| Pattern | Rapid sequential API calls to prelogin + key exchange | Automated exploitation pattern |
Timeline
| Date | Event |
|---|---|
| 2025-01-27 | ETH Zurich discloses 12 vulnerabilities to Bitwarden (90-day window) |
| 2025-06-04 | ETH Zurich discloses 7 vulnerabilities to LastPass (90-day window) |
| 2025-08-29 | ETH Zurich discloses 6 vulnerabilities to Dashlane (90-day window) |
| 2025-11-01 | Dashlane releases Extension 6.2544.1 removing legacy CBC cryptography |
| 2025-12-01 | Bitwarden enforces minimum KDF iterations, begins AES-CBC removal |
| 2025-12-01 | LastPass addresses LP03 (icon URL leak) |
| 2026-02-16 | ETH Zurich publishes research paper and public disclosure at USENIX Security 2026 |
| 2026-02-17 | Threadlinqs Intelligence publishes TL-2026-0122 with 12 detection rules |
MITRE ATT&CK Mapping
| Tactic | Technique | ID | Description |
|---|---|---|---|
| Credential Access | Credentials from Password Stores | T1555 | Core target: vault credential extraction |
| Credential Access | Password Managers | T1555.005 | Specific password manager exploitation |
| Credential Access | Brute Force | T1110 | KDF downgrade enables 300,000x faster cracking |
| Credential Access | Modify Authentication Process | T1556 | Key escrow manipulation |
| Defense Evasion | Reduce Key Space | T1600.001 | KDF iteration downgrade |
| Defense Evasion | Downgrade Attack | T1562.010 | AES-CBC mode reintroduction |
| Defense Evasion | Subvert Trust Controls | T1553 | Unauthenticated public key injection |
| Collection | Data from Information Repositories | T1213 | Vault data access and exfiltration |
| Impact | Stored Data Manipulation | T1565.001 | Field swapping, vault item modification |
| Impact | Account Access Removal | T1531 | Credential modification via malicious server |
| Persistence | Account Manipulation | T1098 | Organization key injection for persistent access |
| Initial Access | Trusted Relationship | T1199 | Compromised server trusted by client |
| Lateral Movement | Use Alternate Authentication Material | T1550 | Stolen vault credentials for lateral access |
| Credential Access | Steal or Forge Authentication Certificates | T1649 | Key escrow certificate manipulation |
Full MITRE ATT&CK mapping with 19 techniques: View coverage on Threadlinqs
TL-2026-0122 on Threadlinqs Intelligence — 25 zero-knowledge bypass vulnerabilities across Bitwarden, LastPass, and Dashlane password managers.
Recommendations
- Update all password manager clients immediately. Bitwarden, LastPass, and Dashlane have all released patches addressing subsets of the disclosed vulnerabilities. Ensure browser extensions, desktop applications, and mobile apps are running the latest versions.
- Enforce minimum KDF iterations. For Bitwarden organizations, verify that KDF iterations are set to 600,000+ (OWASP recommendation). For LastPass, check that PBKDF2 iterations meet current minimums. Monitor for any downgrade from established baselines.
- Audit organization sharing configurations. Review all organization member public keys in Bitwarden. Verify that key exchanges during employee onboarding are authenticated out-of-band. Restrict organization admin privileges to verified personnel.
- Rotate critical credentials. For high-value accounts stored in affected password managers, rotate passwords proactively. Prioritize credentials for infrastructure, cloud providers, financial services, and admin panels.
- Deploy detection rules. Implement the KDF downgrade and encryption mode monitoring queries in proxy and SIEM environments to detect active exploitation attempts against managed password manager deployments.
References
- Password managers less secure than promised — ETH Zurich, February 16, 2026
- Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers — The Hacker News, February 2026
- Zero Knowledge (About) Encryption: A Comparative Security Analysis — Scarlata, Torrisi, Backendal, Paterson (USENIX Security 2026)
- Design weaknesses in major password managers enable vault attacks — Help Net Security, February 17, 2026
- Password managers don't protect secrets if pwned — The Register, February 16, 2026
- Exploitable Flaws Found in Cloud-Based Password Managers — Bank Info Security, February 2026
- MITRE ATT&CK T1555.005: Credentials from Password Stores: Password Managers — MITRE
- MITRE ATT&CK T1600.001: Weaken Encryption: Reduce Key Space — MITRE
- MITRE CWE-327: Use of a Broken or Risky Cryptographic Algorithm — MITRE
- MITRE CWE-757: Selection of Less-Secure Algorithm During Negotiation — MITRE
Full threat intelligence, detection rules, and IOC feeds are available on Threadlinqs Intelligence. Track this threat: TL-2026-0122.