A recent study revealed that nearly all tested password managers are vulnerable to clickjacking attacks, which can lead to theft of sensitive data. Vendors are working to patch these issues, but some fixes are still pending deployment.
Key points
- The research tested popular password managers including 1Password, LastPass, and Bitwarden for clickjacking vulnerabilities.
- Attackers can use DOM-based methods and autofill features to exfiltrate sensitive data with minimal clicks.
- Some vendors, like Bitwarden, are actively rolling out updates to fix these vulnerabilities.
- Password managers inject UI elements into web pages, which attackers can manipulate invisibly using JavaScript.
- Developers recommend increased user control and vigilance to mitigate risks while patches are developed.
Read More: https://www.securityweek.com/password-managers-vulnerable-to-data-theft-via-clickjacking/