Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.
AI Analysis
Technical Summary
The study, by researchers from ETH Zurich and Università della Svizzera italiana, describes 25 distinct attacks against major cloud password managers: 12 against Bitwarden, 7 against LastPass and 6 against Dashlane. "Password recovery" here refers to an attacker recovering the passwords stored in a vault, not to the account-recovery feature; the attacks range from integrity violations up to recovery of every vault in an organization. All of them assume a malicious (or compromised) server, which is precisely the setting zero-knowledge encryption (ZKE) is advertised to withstand: the provider should never be able to read vault contents because only the user holds the decryption keys.

Four weakness classes recur across the products:
- Key escrow for account recovery. The escrow mechanisms Bitwarden and LastPass use so that an organization or the vendor can restore access to a vault contain flaws that let the server compromise vault confidentiality.
- Item-level encryption with unauthenticated metadata. Individual items and sensitive settings are encrypted separately and stored next to plaintext or unauthenticated metadata. Because the ciphertext is not cryptographically bound to that metadata, the server can swap encrypted fields between positions, learn information from the metadata, and downgrade the client's key derivation function.
- Sharing. Features for sharing items or collections between users can be exploited to break the integrity and confidentiality of the shared vault.
- Legacy compatibility. Continued support for outdated cryptographic constructions, notably in Bitwarden and Dashlane, lets the server push a client onto weaker encryption and, in the worst case, expose the master password.

1Password is affected by the item-level encryption and sharing issues, which that vendor treats as known architectural limitations. The other vendors have responded by patching the reported issues, removing legacy cryptography support and strengthening integrity guarantees. The vulnerabilities affect individual and organizational vaults alike, with the potential for complete compromise of stored credentials and secrets. There is no evidence of exploitation in the wild, but the number of users and businesses relying on these products makes the weaknesses worth addressing promptly.
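The following is an added illustration of the item-level-encryption weakness class described above; it is not code from the study or from any of the vendors. Each field of a vault item is encrypted on its own and the record the server stores carries the field names in plaintext. If the integrity tag covers only the ciphertext, a malicious server that cannot read anything can still move ciphertexts between fields, and the client decrypts the rearranged record without complaint. Binding the item id and field name into the authenticated data makes the same swap fail. The cipher, the record layout, the item id and the sample item are all assumptions; the encrypt-then-MAC construction is a stdlib-only stand-in for whatever AEAD a real client uses.

```python
# Added illustration (not code from the study or from any vendor) of the
# "item-level encryption with unauthenticated metadata" weakness class.
# Toy cipher: HMAC-SHA256 keystream in counter mode plus an HMAC-SHA256 tag
# (encrypt-then-MAC). It stands in for a real AEAD; do not reuse it as-is.
import hashlib
import hmac
import secrets

TAG_LEN = 32


def _subkeys(vault_key: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from the vault key."""
    enc = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy cipher)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt_field(vault_key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag; `aad` is authenticated but not encrypted."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(vault_key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag over aad || nonce || ct, then decrypt. Raises on mismatch."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ct, tag = blob[:16], blob[16:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext does not belong to this field")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _aad(item_id: str, field: str, bind_fields: bool) -> bytes:
    # Hypothetical binding: authenticate the item id and field name alongside
    # the ciphertext. With bind_fields=False the tag covers the ciphertext only,
    # which is the weak pattern the analysis describes.
    return f"{item_id}/{field}".encode() if bind_fields else b""


def store_item(vault_key: bytes, item_id: str, fields: dict, bind_fields: bool) -> dict:
    """Client-side encryption of one vault item; field names stay in plaintext."""
    return {name: encrypt_field(vault_key, value.encode(), _aad(item_id, name, bind_fields))
            for name, value in fields.items()}


def read_item(vault_key: bytes, item_id: str, record: dict, bind_fields: bool) -> dict:
    """Client-side decryption of a record as returned by the server."""
    return {name: decrypt_field(vault_key, blob, _aad(item_id, name, bind_fields)).decode()
            for name, blob in record.items()}


def malicious_server_swap(record: dict, a: str, b: str) -> dict:
    """The server cannot read the fields, but it can move ciphertexts around."""
    swapped = dict(record)
    swapped[a], swapped[b] = record[b], record[a]
    return swapped


def demo(bind_fields: bool):
    """Return what the client sees after the server swaps two fields,
    or the string 'rejected' if the client's integrity check catches it."""
    vault_key = secrets.token_bytes(32)
    # Constructed sample item; item id "item-42" is likewise made up.
    item = {"username": "alice@example.com", "password": "correct horse", "notes": "work laptop"}
    record = store_item(vault_key, "item-42", item, bind_fields)
    tampered = malicious_server_swap(record, "password", "notes")
    try:
        return read_item(vault_key, "item-42", tampered, bind_fields)
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    print("unbound fields:", demo(bind_fields=False))  # the password now sits under 'notes'
    print("bound fields:  ", demo(bind_fields=True))   # rejected
```

With unbound fields the client returns the secret under the wrong label, which is the raw material for the field-swapping and integrity violations in the study; the swap is invisible to the user because every tag still verifies. The binding only costs a few bytes of associated data per field, and it is the same idea that closes the "unauthenticated metadata" gap more generally: anything the client relies on when interpreting a ciphertext belongs under the integrity tag.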
Potential Impact
For European organizations the impact is substantial. Many enterprises rely on cloud password managers such as Bitwarden, LastPass and Dashlane to store and share credentials across teams, so a vault compromise translates directly into unauthorized access to internal systems, data breaches and lateral movement. Integrity violations matter as much as confidentiality: an attacker who can swap or modify stored credentials or metadata without the client noticing undermines the trust users place in the manager and can set up phishing or account takeover. Exposure of master passwords or vault contents could reveal infrastructure credentials, intellectual property and personal data, with GDPR consequences and reputational damage to match. Shared vaults and collections, common in collaborative environments, are affected as well. The threat model is the important caveat: every attack requires a malicious or compromised server, so the realistic adversaries are the vendor itself, an attacker who has breached the vendor's backend, or a party able to compel the vendor. That is exactly the scenario zero-knowledge encryption is sold to cover, which is why the findings matter even though no active exploitation has been reported. Given wide adoption in Europe's financial, governmental and technology sectors, the published attacks are a ready-made roadmap for capable actors, including state-backed ones.
Mitigation Recommendations
European organizations should layer their mitigations, keeping in mind that most of the actual fixes are server- and client-side changes only the vendors can ship. First, update all password manager clients and browser extensions to versions that include the vendor patches; the downgrade and integrity attacks target the client, so an unpatched client remains exposed even after server-side changes. Disable or tightly control account recovery and key escrow features, in particular any that give the server or organization administrators a path to a user's vault key. Review and restrict sharing permissions to limit what a compromised sharing flow could expose. Audit vault access logs and watch for anomalies, with the caveat that those logs come from the same server the threat model distrusts: they help detect a compromised user account or client, not a malicious provider. Enforce strong master passwords; the stronger the password, the less a downgraded key derivation function buys the attacker. Multi-factor authentication still belongs in the policy, but it protects the login, not the vault encryption, and offers no defence against a server that already holds the ciphertexts. Segment vaults by sensitivity, and where the client allows it, turn off legacy cryptography and backward compatibility options. Engage vendors on their security roadmap and ask for transparency on which of the reported attacks are fixed. Organizations with high security requirements should evaluate self-hosted or on-premises deployments, which move the server trust in-house, or alternative solutions with stronger cryptographic guarantees. Finally, fold these findings into incident response plans and security awareness training.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain, Belgium, Poland
Technical Details
- Article source: https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html (fetched 2026-02-17)
- Threat ID: 69943af180d747be20a4271b
- Added to database: 2/17/2026, 9:54:57 AM
- Last updated: 2/21/2026, 12:18:06 AM