Skip Navigation

Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes

hackerone.com Bitwarden disclosed on HackerOne: Biometric key is stored in...

Bitwarden Desktop on Windows allows the user to enable vault unlock through Windows Hello (under File > Settings > Unlock with Windows Hello). When this is done, a "Biometric master key" is generated and stored locally inside the Windows' user credential set. This is done through the "wincred" API, ...

Bitwarden disclosed on HackerOne: Biometric key is stored in...
1
1 comments