Researchers at the Swiss Federal Institute of Technology (ETH Zürich) have discovered serious vulnerabilities in popular, cloud-based password managers that allowed them to view and modify stored passphrases.
The result was achieved despite vendors such as Bitwarden, Dashlane, and LastPass claiming zero-knowledge encryption of data that in theory protects users even if servers are compromised.
1Password was also scrutinised by the researchers.
"The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable," Matilda Backendal, one of the ETH Zürich researchers, wrote.
The research team, which also included Matteo Scarlata, Kenneth Paterson and Giovanni Torrisi from ETH Zürich's Applied Cryptography Group, set up servers that mimicked compromised password manager infrastructure.
Such a "malicious server threat model" assumes attackers have gained control of the servers and can make them behave arbitrarily when interacting with user clients such as web browsers.
The attacks exploited routine user interactions that people perform daily with their password managers.
Simply logging into an account, opening a vault, viewing passwords or synchronising data between devices gave the malicious server opportunities to compromise security.
The team discovered 12 distinct attacks against Bitwarden, seven against LastPass and six against Dashlane.
These ranged from targeting specific user vaults to completely compromising all vaults within an organisation using the service.
"Due to the large amount of sensitive data they contain, password managers are likely targets for experienced hackers who are capable of penetrating the servers and launching attacks from there," Paterson, who is a professor of computer science at ETH Zürich, said.
Similar attacks have already occurred in practice against password manager services.
Scarlata, a PhD student who carried out some of the attacks, found the code architecture surprisingly convoluted.
Password managers attempt to balance security with user-friendly features like password recovery and family account sharing.
"As a result, the code becomes more complex and confusing, and it expands the potential attack surface for hackers," Scarlata said.
The attacks require neither particularly powerful computers nor sophisticated infrastructure.
Small programs capable of impersonating legitimate servers are sufficient to exploit the vulnerabilities.
Many providers continue using cryptographic technologies from the 1990s despite these being obsolete by modern standards.
Providers fear that system updates could cause customers to lose access to their passwords and other personal data.
This concern affects both millions of private users and thousands of companies that rely on these services for password management.
The research team followed responsible disclosure practices by contacting affected providers 90 days before publication.
"For the most part, the providers were cooperative and appreciative, but not all were as quick when it came to fixing the security vulnerabilities," Paterson said.
1Password uses a stronger security model that's still attackable
Another popular password manager, 1Password, was also analysed by the researchers, and found to contain critical vulnerabilities.
1Password uses both a master password and a high-entropy "secret key" to access vaults, a design that provides much stronger protection against brute-force attacks.
This comes at a cost in usability, however, since 1Password users cannot access their vaults by entering a password alone.
Even so, the researchers devised an attack on existing vaults in which users lose access to old items while new ones leak out.
1Password's vault sharing lacks authentication of public keys, which in turn enables attacks similar to those the researchers were able to launch against Bitwarden, LastPass and Dashlane.
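The missing step described above, as an added example that is not code from the paper or from any of the named products: a client that encrypts a vault key to a recipient only after checking the server-supplied public key against a fingerprint verified out of band, alongside the unauthenticated path that trusts whatever the server returns. X25519, AES-GCM, the `lookup` directory function and the fingerprint scheme are assumptions chosen for the demonstration, not a description of 1Password's actual protocol.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// ErrKeyMismatch: the server-supplied recipient key failed the out-of-band fingerprint check.
var ErrKeyMismatch = errors.New("recipient key does not match the verified fingerprint")

// fingerprint is what the recipient's own client can display and the sharer compares out of
// band before encrypting to the key; this comparison is the step the article says is missing.
func fingerprint(pk *ecdh.PublicKey) [32]byte { return sha256.Sum256(pk.Bytes()) }

// wrapCipher turns an X25519 shared secret into a single-use AES-GCM key-encryption key.
// The all-zero 12-byte nonce used with it is acceptable only because each key is used exactly once.
func wrapCipher(shared []byte) cipher.AEAD {
	kek := sha256.Sum256(shared) // stands in for a real KDF (HKDF with context) to keep the example short
	block, _ := aes.NewCipher(kek[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// shareVaultKey wraps vaultKey for recipient. lookup models the server's key directory, which a
// malicious server controls. With verified == nil the client trusts whatever key comes back
// (the unauthenticated behaviour); otherwise the key must match the verified fingerprint.
func shareVaultKey(lookup func(user string) *ecdh.PublicKey, recipient string, vaultKey []byte, verified *[32]byte) (ephPub, wrapped []byte, err error) {
	pk := lookup(recipient)
	if verified != nil && fingerprint(pk) != *verified {
		return nil, nil, ErrKeyMismatch
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh per share, so the derived key is never reused
	if err != nil { return nil, nil, err }
	shared, err := eph.ECDH(pk)
	if err != nil { return nil, nil, err }
	return eph.PublicKey().Bytes(), wrapCipher(shared).Seal(nil, make([]byte, 12), vaultKey, nil), nil
}

// unwrapVaultKey is the recipient side: only the holder of the matching private key recovers vaultKey.
func unwrapVaultKey(priv *ecdh.PrivateKey, ephPub, wrapped []byte) ([]byte, error) {
	epk, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil { return nil, err }
	shared, err := priv.ECDH(epk)
	if err != nil { return nil, err }
	return wrapCipher(shared).Open(nil, make([]byte, 12), wrapped, nil)
}
```

With `verified` set, a server that substitutes its own key for the recipient's is rejected before anything is encrypted; with it unset, the substituted key holder can unwrap the shared vault key.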
While the researchers disclosed their findings to 1Password, the company's response was that the findings represent already-known architectural limitations rather than newly discovered vulnerabilities.
Improving password manager security possible
The researchers propose a practical migration path for fixing these issues.
New customers should be enrolled in systems built to current cryptographic standards.
Existing customers could then choose whether to migrate their passwords to the more secure system or remain on the old infrastructure with full awareness of the risks.
Paterson recommends users choose password managers that demonstrate transparency about security vulnerabilities and undergo external audits.
End-to-end encryption should be enabled by default rather than optional.
"The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer," Paterson said.
The research [pdf] will be presented at USENIX Security 2026, held in the United States in August this year.