Full Report
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
Analysis Summary
# Vulnerability: Cryptographic Downgrade and Vault Disclosure via Malicious Server
## CVE Details
- **CVE ID**: Not explicitly listed in the article (Research Paper Reference: ETH Zurich / IACR 2026/058).
- **CVSS Score**: Not assigned by NVD yet (Researchers describe severity as "High").
- **CWE**: CWE-757 (Selection of Less-Secure Algorithm Durante Negotiation), CWE-311 (Missing Encryption).
## Affected Systems
- **Products**: Bitwarden, LastPass, and Dashlane.
- **Versions**: Versions prior to February 2026 (specific version numbers vary by vendor).
- **Configurations**: Systems where legacy cryptography is enabled for backward compatibility or during specific workflows (e.g., key rotations, sharing credentials, joining an organization).
## Vulnerability Description
Researchers found that the "zero-knowledge" architecture of popular password managers can be bypassed if the vendor’s central server is compromised. The core flaw lies in the clients' trust in the server's instructions regarding cryptographic protocols. A malicious or compromised server can force a "cryptographic downgrade," instructing the client app to use legacy, weaker, or unencrypted formats for data synchronization and vault access.
By manipulating the server-client interaction, attackers can:
1. Intercept vault data by forcing the client to send secrets in a format the server can decrypt.
2. Downgrade the encryption standards used for specific vault items.
3. Inject malicious prompts or misleading dialogs to facilitate data extraction.
## Exploitation
- **Status**: PoC available (demonstrated by academic researchers). No confirmed exploitation in the wild at the time of the report.
- **Complexity**: High (Requires a full compromise of the password manager's infrastructure or a Man-in-the-Middle position with the ability to impersonate the server).
- **Attack Vector**: Network / Server-side (Malicious Server Model).
## Impact
- **Confidentiality**: High (Full disclosure of vault items/passwords in successful attacks).
- **Integrity**: Medium (Attackers can modify vault entries in some scenarios).
- **Availability**: Low (Primary focus is on data theft).
## Remediation
### Patches
- **Dashlane**: Has removed support for legacy cryptography and addressed the downgrade issue. Users are advised to update to the latest version of the Dashlane client.
- **Bitwarden**: Acknowledged the research; users should ensure they are running the latest app versions which incorporate "hardening measures" suggested by ETH Zurich.
- **LastPass**: Implementing near-term hardening measures and long-term remediation plans. Users should monitor for application updates.
### Workarounds
- **Update Protocols**: Manually trigger password changes for sensitive accounts if legacy accounts were recently migrated.
- **Verify Encryption**: Where possible, ensure "Argon2" or the latest KDF (Key Derivation Function) settings are active in the account security settings.
## Detection
- **Indicators of Compromise**: Difficult to detect client-side as the attack occurs via the "trusted" provider server. Unexpected "Key Rotation" prompts or requests to re-sync the entire vault should be treated with caution.
- **Detection Methods**: Security researchers can monitor network traffic for downgrades from modern encryption (e.g., AES-GCM) to legacy or weaker formats during synchronization.
## References
- **Dashlane Advisory**: hxxps[://]support[.]dashlane[.]com/hc/en-us/articles/33346483084050-Security-advisory-Cryptography-downgrade-issue
- **Academic Paper**: hxxps[://]eprint[.]iacr[.]org/2026/058[.]pdf
- **ETH Zurich News**: hxxps[://]ethz[.]ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised[.]html