Security issue or 'feature': Browser extension auto login into management console
Hi there,
I found out that when you use the browser extensions of 1PW and go into settings > Integrations > Manage Integrations > manage it does automatically login into your web vaults management interface (without any additional password and without entering any credentials (even when all browser cookies where delete before).
At this point the extension must send the encryption key to the JS that was supplied by the server. (isn't this an RCE vulnerability on client side?).
And overall this is kind of a big security issue in my point of view because you directly get access to every management part of your whole account (even the other members section and so on).
Why not closing this big hole and make it as an option or put some password prompt there?
