Hacker News
ronnier | 5 months ago | on: Vaultwarden commit introduces SSO using OpenID Con...
Yeah, if an attacker was able to insert JavaScript then it's possible.
blr_lpm | 5 months ago
For this particular threat vector, where the client is compromised, the backend doesn’t matter.
franga2000 | 5 months ago
A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.
9cb14c1ec0 | 5 months ago
Which is only possible if logging into the web client and not when using the Bitwarden desktop app or browser extensions.