A newly published academic study has revealed 25 distinct password recovery attacks affecting leading cloud-based password managers, including Bitwarden, Dashlane, and LastPass. Under specific threat conditions, these vulnerabilities could allow attackers to recover stored credentials or compromise organizational vaults.
The research, conducted by academics from ETH Zurich and Università della Svizzera italiana, evaluated the security claims surrounding zero-knowledge encryption architectures implemented by these services.
According to the researchers, the discovered weaknesses range from integrity violations targeting individual vaults to scenarios involving the potential compromise of all vaults within an organization. Most notably, many of the identified attack paths enable password recovery under a malicious server threat model.
Understanding the Zero-Knowledge Model
Zero-knowledge encryption, often promoted as a privacy-enhancing security design, ensures that service providers cannot directly access user vault contents. Unlike end-to-end encryption, which primarily protects data in transit, zero-knowledge encryption focuses on secure encrypted storage where only users retain the decryption key.
The study assumed a malicious server environment to test whether these zero-knowledge claims hold up under advanced adversarial scenarios. Researchers discovered multiple architectural weaknesses and cryptographic design flaws that undermined expected protections.

Collectively, the affected password managers serve more than 60 million users and nearly 125,000 organizations worldwide, amplifying the potential impact of these findings.
Breakdown of the Identified Attack Categories
The 25 attacks were grouped into four major categories:
1. Key Escrow Exploitation
Flaws in account recovery mechanisms allowed attackers to exploit key escrow implementations in Bitwarden and LastPass, weakening confidentiality guarantees.
2. Item-Level Encryption Weaknesses
Improper separation between encrypted vault items and unauthenticated metadata introduced risks such as metadata leakage, integrity violations, field swapping, and cryptographic downgrade attacks.
3. Sharing Mechanism Vulnerabilities
Certain sharing features were found to expose vault integrity and confidentiality to manipulation under malicious intermediary conditions.
4. Legacy Compatibility Downgrade Attacks
Backward compatibility with older cryptographic implementations created downgrade opportunities in Bitwarden and Dashlane.
The study also assessed 1Password and found it potentially susceptible to item-level encryption and sharing-related attacks. However, the company classified these findings as known architectural trade-offs rather than new vulnerabilities.
Vendor Responses and Mitigations
1Password stated that the findings did not introduce new attack vectors beyond those documented in its publicly available security design documentation. The company emphasized its use of Secure Remote Password authentication to prevent encryption keys from being transmitted to servers.
Dashlane addressed a vulnerability that could have enabled encryption downgrade attacks following server compromise. The issue was resolved in Extension version 6.2544.1, released in November 2025, by removing legacy cryptographic support.
Bitwarden confirmed that several identified issues have already been remediated, while others are under active resolution. Some design choices were retained due to product functionality requirements.
LastPass indicated it is strengthening cryptographic binding between vault items, fields, and metadata to improve integrity guarantees and reduce the risks posed by malicious intermediaries.
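As an added illustration (not code from the paper or from any of the vendors named above), the following Go snippet shows the item-level weakness in the second attack category and the kind of cryptographic binding between items, fields and metadata that LastPass says it is strengthening: the same AES-GCM ciphertext is accepted in a different field slot when the slot metadata is unauthenticated, and rejected when the item id and field name are passed as associated data. The item id, field names, key and the AES-GCM construction are assumptions made for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// slotAAD is the associated data that ties a ciphertext to its vault slot.
func slotAAD(itemID, field string) []byte { return []byte(itemID + "\x00" + field) }

// sealField encrypts one field as nonce || ciphertext || tag; nil aad leaves slot metadata unauthenticated.
func sealField(aead cipher.AEAD, aad, value []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, value, aad), nil
}

// openField decrypts; with a bound slot, a blob moved elsewhere fails the tag check.
func openField(aead cipher.AEAD, aad, blob []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], aad)
	}
	return nil, errors.New("blob too short")
}

// swapUndetected: a server moves item-1's "password" ciphertext into the "username" slot; does the client accept?
func swapUndetected(bind bool) (bool, error) {
	block, err := aes.NewCipher(make([]byte, 32)) // constructed all-zero test key
	if err != nil {
		return false, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	var sealAAD, openAAD []byte // both stay nil when metadata is unauthenticated
	if bind {
		sealAAD, openAAD = slotAAD("item-1", "password"), slotAAD("item-1", "username")
	}
	blob, err := sealField(aead, sealAAD, []byte("hunter2"))
	if err != nil {
		return false, err
	}
	_, err = openField(aead, openAAD, blob)
	return err == nil, nil // nil error: the swapped field decrypted "successfully"
}
```

With `bind=false` the moved ciphertext decrypts cleanly and the client has no way to notice the swap; with `bind=true` the GCM tag check fails because the associated data no longer matches.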
Importantly, there is currently no evidence that any of these vulnerabilities have been exploited in real-world attacks.
Security Implications
The research highlights how even widely trusted password managers can face complex architectural challenges, especially when balancing usability, recovery mechanisms, and cryptographic assurances.
While no active exploitation has been observed, the findings underscore the importance of ongoing security reviews, transparent threat modeling, and careful implementation of zero-knowledge designs.
For enterprises and individual users alike, the study serves as a reminder that security guarantees must continuously evolve alongside emerging attack methodologies.