Feb 25, 2026
3 min read
Researchers studied zero-knowledge claims from password managers and discovered a few possible attack scenarios.
I'm a big advocate of password managers.True, there are better password alternatives like passlock, but if the provider doesn't offer anything other than a password option, as many do, you can't do much about it.So for now we seem to be stuck with passwords.
All reputable password managers claim they can't see your passwords even if they wanted to.But researchers have found that these "zero-knowledge" cloud-based password managers are more vulnerable than their marketing suggests.
The researchers also warn that this is not an immediate cause for panic.A full password leak requires rare, advanced failures, such as a malicious or fully compromised server, as well as certain design weaknesses and activation features.
The biggest "problem" is that most of these password managers are cloud-based.It is very useful if you are working on another device and need access, but it also increases the attack rate.Sharing your password with another device or another user exposes you to the possibility of unwanted access.
The researchers tested several vendors, including LastPass, Bitwarden, and Dashlane, and proposed several attack techniques that could allow password recovery.
Password managers with user groups
In organizations, sharing recovery keys, group keys and administrative public keys often means that they are retrieved from the server without a guarantee of authenticity.It means that under the right circumstances, an attacker can gain access.
When group administrators enable policies such as "automatic or manual recovery", you can change those policies without notice by using a compromised server. If there is no integrity protection in the organization's "policy drop" (small configuration file).
Weak encryption on vulnerable servers
Your password manager will take your master password and run it through PBKDF2 several times (eg 600,000 spins) before storing the hash.But on a compromised server, an attacker could reduce the number of iterations to say 2, making it easy to guess or brute force the master password.
Account recovery options
On a compromised server, an attacker can modify a policy block, change the settings to "automatic recovery" and send it to clients.Switching to automatic recovery helps the attacker because it allows the system to issue vault keys without anyone clicking "approve" or even noticing it's happening.
Therefore, an attacker can turn an infrequent, user-visible emergency procedure into a silent, routine mechanism that they can abuse to pull vault keys on a large scale or in a covert, targeted manner.
To avoid locking users into legacy clients, vendors continue to support legacy key hierarchies and modes other than AEAD (Assured Encryption with Associated Data), such as CBC (Crypto Block Chaining), without strict integrity checks.This opens the door to classic downgrade attacks, where the server induces the client to use weaker schemes and then gradually recovers the plaintext.
How to stay safe
We want to emphasize that these attacks will be highly targeted and require a high level of compromise.Therefore, cloud password managers are still more secure than reusing passwords and spreadsheets, but their “zero knowledge” claims don't hold up against these types of nationwide attacks.
After responsible disclosure, many problems are already established or mitigated, reducing the number of possible attacks.
Most of the attacks shown require business functions (account recovery, shared storage, organization membership) or old/former customers, so be very careful with them.
Enable multi-factor authentication for important accounts so a hacker can't just get your password.
We don't just report on threats – we help protect your entire digital identity
Cybersecurity risks should not spread beyond the headlines.Protect your and your family's information using Identity Protection.
