Security Issue with Autofill?
Hi Everyone,
i came across an article on https://www.bleepingcomputer.com/ in regards of security issues with Bitwardens Auto-Fill Feature. Now I'm curious if we have a similia issue with 1Password Browser Extension.
https://www.bleepingcomputer.com/news/security/bitwarden-flaw-can-let-hackers-steal-passwords-using-iframes/
As far as i would understand the situation with Bitwarden, is that the Browser Extension from Bitwarden will auto-fill Login Credentials without any user interaction if you enable that feature.
I don't see the issue with 1Password because you must select the item you want to use for sign in. But as described in that article a malicious iframe can also capture the login credentials if you select an item. I'm also not sure if the default configuration for auto-fill or selection of items will cause a problem because 1Password will offer the login on ALL host of a domain.
Maybe someone can clarify the situation for 1Password.
Regards
Stefan
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided