CVE-2018-25081

Name of the Vulnerable Software and Affected Versions Bitwarden versions through 2023.2.1

Description The issue allows password auto-fill within a cross-domain IFRAME element. The vendor notes that there have been important legitimate cross-domain configurations, such as an apple.com IFRAME element on the icloud.com website, and that "Auto-fill on page load" is not enabled by default.

Recommendations For versions through 2023.2.1, consider disabling the auto-fill feature on page load to minimize the risk of exploitation. Restrict access to cross-domain IFRAME elements to prevent potential abuse.