PT-2023-21302 · Bitwarden · Bitwarden Windows Desktop Application
Mebeim · Published 2023-06-09 · Updated 2025-01-06
CVE-2023-27706
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Bitwarden Windows desktop application versions prior to v2023.4.0
Description
The Bitwarden Windows desktop application stores biometric keys in the Windows Credential Manager, where they are accessible to other local unprivileged processes. This highlights challenges in secure password management.
Recommendations
If you are running a version prior to v2023.4.0, update to v2023.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Windows Credential Manager to minimize the risk of exploitation.
Exploit
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Bitwarden Windows Desktop Application