
commandersaki | 13 days ago

They did find a pretty gaping vulnerability for 1Password but AgileBits (the creator of 1P) already knew about it.

It's called a vault substitution attack, and it allows a malicious server to replace contents of a shared vault but also learn of any new items entered into that shared vault. The fix is pretty trivial from a cryptography perspective but it would require probably significant change in 1P applications and architecture/protocols.
