Shulou(Shulou.com)11/24 Report--

CTOnews.com March 18 news, the popular password management tool Bitwarden issued an announcement a few days ago, announcing that the application will be updated to completely fix the auto-filling loophole, which can be used by hackers to steal user passwords and other related information.

Bitwarden has created a fix on its GitHub page that adjusts the way the page is automatically populated when it is loaded. Bitwarden currently can only automatically fill in login data under the domain name of a trusted website.

CTOnews.com attached the main contents of this adjustment are as follows:

Automatic filling after page loading is disabled by default

After the user enables the auto-populate feature, Bitwarden uses this feature only for trusted domains and URL that the user specifically added to the application. Trusted domains include domains that match the URL accessed by the user in the browser.

When a Bitwarden user performs a manual auto-populate, a warning will jump out if you try to populate an untrusted iframe. The application displays URL in a pop-up window, giving the user the option to continue or cancel.

This "eliminates the iframe attack vector while still allowing convenient auto-populating for sites with trusted iframe," Bitwarden said.

Related readings:

User password can be disclosed, Bitwarden password Manager browser extension discovers new vulnerabilities

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.