Mastodon Feed: Post

nadim@symbolic.software ("Nadim Kobeissi") wrote:

I found (and reported) this issue in Bitwarden all the way back in 2018 (https://cure53.de/pentest-report_bitwarden.pdf), and it was, as is too often the case, downplayed right up until a blog post makes a big deal out of it, in this case five years later. Sigh.

https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations