Bitwarden Heist - How to Break into Password Vaults Without Using Passwords::Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
Well yeah, windows hello has recently been shown to be flawed. If you’ve enabled that for your vault ofc it’s now a vulnerability.
/edit: beyond that, they didn’t even compromise windows hello. They compromised a seprate domain controller for a workstation. It only effects bitwarden because biometric unlock has to store your vaults key on the machine.
If a computer has a remote administrator and you compromise that remote administrator, obviously you’re going to gain access to everything they administrate… That would include credentials stored on machines they can reset the passwords too.