A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks that could lead to the theft of highly sensitive data.
The research was conducted by Marek Tóth and it was presented earlier this month at the DEF CON conference. The researcher has now also published a blog post detailing his findings.
The researcher targeted 1Password, Bitwarden, Dashlane, Enpass, Keeper, LastPass, LogMeOnce, NordPass, ProtonPass, RoboForm, and Apple’s iCloud Passwords, specifically their associated browser extensions.
https://www.securityweek.com/password-m ... ckjacking/