I would be more impressed if they found issues in the Apple password service or 1Password. You always have to assume that no software is completely secure, but personally I only trust those two, especially after the LastPass hack: https://blog.lastpass.com/posts/security-incident-update-rec...
They did find a pretty gaping vulnerability for 1Password, but AgileBits (the creator of 1P) already knew about it.
It's called a vault substitution attack, and it allows a malicious server to replace the contents of a shared vault but also learn of any new items entered into that shared vault. The fix is pretty trivial from a cryptography perspective, but it would probably require significant changes in 1P applications and architecture/protocols.
commandersaki|13 days ago