Six popular password managers are vulnerable to clickjacking flaws that can leak sensitive data through malicious websites, affecting around 40 million users. Vendors are rolling out fixes, but users are advised to disable autofill until updates are implemented. #1Password #Bitwarden
Key points
- Six major password managers are vulnerable to unpatched clickjacking exploits.
- The attack involves overlaying invisible elements to trick autofill actions.
- Experts demonstrated multiple exploitation variants using DOM manipulation techniques.
- Some vendors have released updates, but others have not responded or addressed the issue.
- Until fixed, users should disable autofill and rely on manual copying and pasting.