https://nvd.nist.gov/vuln/detail/CVE-2023-27706
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.
Details here: https://hackerone.com/reports/1874155
(shamelessly stolen from reddit)
You must log in or register to comment.