Bitwarden - HackerOne Reports
Total Reports: 11 | Critical: 0 | High: 1 | Medium: 5 | Low: 3
Rate limits too low for email 2FA | Reported by: akashhamal0x01 | Disclosed: | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts
Blind HTTP GET SSRF via website icon fetch (bypass of pull#812) | Reported by: shielder | Disclosed: | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)
Server-Side Request Forgery in "icons.bitwarden.net" | Reported by: njgadhiya | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Tracking Bitwarden Firefox addon users | Reported by: kmodi | Disclosed: | Severity: High
Bypass for forced re-authentication upon biometrics change | Reported by: rink_ | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
Organization Admin Privilege Escalation To Owner | Reported by: rhynorater | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Export vault feature is vulnerable to CSV injection | Reported by: kenziy | Disclosed: | Weakness: OS Command Injection
Mailgun misconfiguration on email.bitwarden.com | Reported by: khizer47 | Disclosed: | Severity: Low | Weakness: Business Logic Errors
Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes | Reported by: mebeim | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information
Vulnerable exported broadcast receiver | Reported by: b3nac | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
When uploading attachments, unencrypted file names are made available to the server | Reported by: jjlin | Disclosed: | Weakness: Missing Encryption of Sensitive Data