Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5

insinuator.net Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5

During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published results of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source...

Please update Vaultwarden as soon as possible if you have not done so yet.

5 comments
  • Hopefully, it was previously announced to update as soon as possible before disclosing the vulnerability. Good job by security experts and Vaultwarden team!