⇄ Σ = Mᄃ² ⇆
Follow

Two different security companies were tasked by Bitwarden to "reinforce Bitwarden security and help customers comply with enterprise security requirements".

Bitwarden added support for Argon2 KDF recently to its products and also passwordless web vault logins.

Cure53 found no critical or important issues during the analysis of Bitwarden's network and infrastructure.

bitwarden.com/blog/third-party

· 3· 1· 4
⇄ Σ = Mᄃ² ⇆  

The security researchers did find four issues; two of them received a low security threat rating, the other two an informational rating only.

Cure53 concluded that Bitwarden "exhibits a strong security foundation with zero exploitable
vulnerabilities found"

Three of the four issues that the security researchers discovered during the audit have been addressed, the fourth is under investigation

0
ayankdownunder (🇳🇿⬌🇺🇸)  

@ecksmc it's been published by Bitwarden, though. Would you say the independent auditors are trustworthy entities?

1
⇄ Σ = Mᄃ² ⇆  

@ayankdownunder yes

imo these companies don't have anything really to gain by bullshiting they have more to gain by telling the truth it's their business model after all

if Bitwarden, or any company, then doctored any report it wouldn't look good on them as the audit company would no doubt call them out on that

1
ayankdownunder (🇳🇿⬌🇺🇸)  

@ecksmc excellent, seriously, thank you for your thoughts on this, and for sharing the information.
Bitwarden has been getting some odd opinions around it recently, and I was getting nervous about using it.

1
⇄ Σ = Mᄃ² ⇆  

@ayankdownunder

personally I don't use Bitwarden anymore no reason really other than a personal choice to use another password manager

that said Bitwarden is probably one of the better services to use

1
ayankdownunder (🇳🇿⬌🇺🇸)  

@ecksmc 🥂 it's definitely not the best out there, and has its issues, but I've invested enough time in it, so I'll stick for now.
Thanks again!

0
Daniel Smith  

@ecksmc BitWarden has seen what happened to LastPass and doesn't want to be next. But the breach at LastPass wasn't due to their security. It was from external vulnerabilities and side channel attacks. They would be wise to address and assess these same areas that led to problems for LastPass in addition to verifying their internal security.

1
⇄ Σ = Mᄃ² ⇆  

@danielbsmith Bitwarden have done audits before kinda annually for them to it

wouldn't say it had anything to do with LastPass breach other than maybe stepping the audit time-frame forward

and if any password manager service hasn't already started to look at external vulnerabilities that happened at lastpass and address things if found already I'd be shocked

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…