"Zero-Knowledge" Claims Challenged
Researchers from ETH Zurich have published findings demonstrating that the "zero-knowledge encryption" claims of major password managers break down if the server is compromised. Their research found 25 password recovery attacks across three major password managers serving 60+ million users collectively.
Attack Breakdown
| Password Manager | Total Attacks | Leading to Password Disclosure |
|---|---|---|
| Bitwarden | 12 | 7 |
| LastPass | 7 | 3 |
| Dashlane | 6 | 1 |
How the Attacks Work
The attacks exploit a fundamental design choice: many password managers encrypt individual fields separately rather than the entire vault as a single authenticated blob. Because each ciphertext is not bound to the entry and field it belongs to, a compromised server can carry out "cut-and-paste" style attacks:
- Rearrange encrypted entries within a vault without detection
- Inject malicious entries that exfiltrate data when the vault is decrypted client-side
- Modify metadata to redirect autofill to attacker-controlled domains
- Downgrade encryption on specific entries during sync operations
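To make the per-field design concrete, here is an added example (not code from the ETH Zurich paper or from any of the vendors) showing the two ends of the problem: fields encrypted one by one with nothing tying a ciphertext to its place in the vault, so the server can move a password blob from one entry to another and the client decrypts it without complaint, versus the same fields with the entry id and field name authenticated as context, plus a single MAC over the whole vault. The cipher is a toy HMAC-SHA256 construction built from the standard library so that it runs anywhere; the entry names, URLs and passwords are constructed sample data, and the vault layout is an assumption, not any product's real format.

```python
"""Added example, not from the paper or any vendor: per-field encryption with
and without context binding. Toy construction (HMAC-SHA256 counter-mode
keystream + encrypt-then-MAC), standard library only, not a production cipher."""
import hashlib
import hmac
import secrets


def _subkey(master: bytes, label: bytes) -> bytes:
    # Derive separate encryption / MAC / vault keys from one master key.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(master: bytes, plaintext: bytes, context: bytes = b"") -> dict:
    """Encrypt one field. `context` is authenticated but not encrypted (like AEAD
    associated data). An empty context models the unbound per-field design."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), context + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def decrypt_field(master: bytes, blob: dict, context: bytes = b"") -> bytes:
    mac_key = _subkey(master, b"mac")
    expected = hmac.new(mac_key, context + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("field integrity check failed")
    ks = _keystream(_subkey(master, b"enc"), blob["nonce"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks))


def field_context(entry_id: str, field_name: str) -> bytes:
    # Binds a ciphertext to the entry and field it was written for.
    return f"{entry_id}/{field_name}".encode()


def encrypt_vault(master: bytes, entries: dict, bound: bool) -> dict:
    vault = {}
    for entry_id, fields in entries.items():
        vault[entry_id] = {}
        for name, value in fields.items():
            ctx = field_context(entry_id, name) if bound else b""
            vault[entry_id][name] = encrypt_field(master, value.encode(), ctx)
    return vault


def decrypt_vault(master: bytes, vault: dict, bound: bool) -> dict:
    out = {}
    for entry_id, fields in vault.items():
        out[entry_id] = {}
        for name, blob in fields.items():
            ctx = field_context(entry_id, name) if bound else b""
            out[entry_id][name] = decrypt_field(master, blob, ctx).decode()
    return out


def vault_tag(master: bytes, vault: dict) -> bytes:
    """One MAC over every ciphertext in canonical order: reordering, inserting
    or deleting entries changes the tag even if every field tag still verifies."""
    h = hmac.new(_subkey(master, b"vault"), digestmod=hashlib.sha256)
    for entry_id in sorted(vault):
        for name in sorted(vault[entry_id]):
            b, ctx = vault[entry_id][name], field_context(entry_id, name)
            h.update(len(ctx).to_bytes(2, "big") + ctx + b["nonce"]
                     + len(b["ct"]).to_bytes(4, "big") + b["ct"] + b["tag"])
    return h.digest()


def server_swaps_passwords(vault: dict, a: str, b: str) -> dict:
    """What a server that holds only ciphertexts can do: move blobs between
    entries without knowing the key. Returns a modified copy."""
    tampered = {eid: dict(fields) for eid, fields in vault.items()}
    tampered[a]["password"], tampered[b]["password"] = vault[b]["password"], vault[a]["password"]
    return tampered


def demo(bound: bool) -> str:
    """'swapped' if the client silently accepts the rearranged vault,
    'rejected' if the per-field integrity check catches it."""
    master = secrets.token_bytes(32)
    entries = {  # constructed sample data
        "bank": {"url": "https://bank.example", "password": "correct horse"},
        "forum": {"url": "https://forum.example", "password": "battery staple"},
    }
    tampered = server_swaps_passwords(encrypt_vault(master, entries, bound), "bank", "forum")
    try:
        plain = decrypt_vault(master, tampered, bound)
    except ValueError:
        return "rejected"
    return "swapped" if plain["bank"]["password"] == "battery staple" else "unchanged"


if __name__ == "__main__":
    print("unbound per-field encryption:", demo(bound=False))  # swapped
    print("context-bound encryption:    ", demo(bound=True))   # rejected
```

The unbound run shows the failure the table above counts: every field tag verifies, yet the bank entry now carries the forum password, and the client has no way to notice. Binding the entry id and field name into the authenticated data makes a moved blob fail verification, and the vault-wide tag additionally catches the cases a per-field check cannot, such as an injected or deleted entry. Real AEAD modes (AES-GCM, ChaCha20-Poly1305) provide the associated-data slot directly; the toy cipher here only stands in for them.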
Threat Model
The attacks require the attacker to compromise the password manager's server — a scenario the vendors' "zero-knowledge" marketing specifically claims to protect against. The researchers argue this threat model is realistic given:
- LastPass was breached in 2022 and encrypted vaults were stolen
- Cloud services are frequent targets of sophisticated threat actors
- Insider threats at the provider level
- Supply chain compromises of server infrastructure
Vendor Responses
All three vendors have implemented countermeasures following responsible disclosure:
- Bitwarden: Deployed additional vault integrity checks
- LastPass: Enhanced encryption validation during sync
- Dashlane: Implemented authenticated encryption improvements
Recommendations for Users
- Use a strong, unique master password — the attacks are easier with weak master passwords
- Enable hardware security keys for MFA on your password manager account
- Keep your password manager updated to benefit from vendor patches
- Consider local-only password managers (e.g., KeePass) for highest-sensitivity credentials, since there is no vendor server to compromise
- Monitor for unexpected vault changes or new entries
Research Details
The research will be presented at USENIX Security 2026. The full paper details the attack methodology, proofs of concept, and vendor mitigations.
While password managers remain significantly more secure than password reuse, this research highlights that "zero-knowledge" is not an absolute guarantee — server compromise can still threaten stored credentials.