Back to directory

WRITEUP #599

Bitwarden Heist - How To Break Into Password Vaults Without Using Passwords

Auth BypassThick clientInsecure storage of sensitive informationAuthentication bypass

by@RedTeamPT(RedTeam Pentesting)

Program

Bitwarden

Published

Jan 3, 2024

Added to HackDex

Feb 1, 2024

Read Full Writeuphttps://blog.redteam-pentesting.de/2024/bitwarden-heist/

▸ RELATED WRITEUPS

Breaking the Barrier: Admin Panel Takeover Worth $3500

Auth BypassAuthentication bypass

SAML Authentication Bypass Leading to Admin Panel Access

Auth BypassSAML

Breaking Down Barriers: Exploiting Authenticated IPC Clients

Auth BypassIPC client

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat