Insecure Storage of Biometric Keys in Bitwarden Windows Desktop Application

Insecure Storage of Biometric Keys in Bitwarden Windows Desktop Application

CVE-2023-27706 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.

Learn more about our Cis Benchmark Audit For Desktop Software.