Bitwarden Program Statistics



11 total issues disclosed

$0 total paid publicly

Most disclosed (2 disclosures) — Business Logic Errors



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Bypass for forced re-authentication upon biometrics change | Improper Authentication - Generic | rink_ | Medium | 2023-07-19 |
| Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes | Cleartext Storage of Sensitive Information | mebeim | Medium | 2023-06-07 |
| When uploading attachments, unencrypted file names are made available to the server | Missing Encryption of Sensitive Data | jjlin | No rating | 2021-08-02 |
| Rate limits too low for email 2FA | Brute Force | exploit_db | Medium | 2020-10-14 |
| Blind HTTP GET SSRF via website icon fetch (bypass of pull#812) | Server-Side Request Forgery (SSRF) | shielder | Low | 2020-09-11 |
| Server-Side Request Forgery in "icons.bitwarden.net" | Server-Side Request Forgery (SSRF) | njgadhiya | Medium | 2020-08-07 |
| Tracking Bitwarden firefox addon users | None supplied | kmodi | High | 2018-05-23 |
| Vulnerable exported broadcast receiver | Violation of Secure Design Principles | b3nac | Low | 2017-11-10 |
| Organization Admin Privilege Escalation To Owner | Business Logic Errors | rhynorater | Medium | 2017-10-28 |
| Mailgun misconfiguration on email.bitwarden.com | Business Logic Errors | babayaga_ | Low | 2017-10-27 |
| Export vault feature is vulnerable to CSV injection | OS Command Injection | kenziy | No rating | 2017-09-28 |