Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
Short version: Windows Hello and AD failed as designed. The domain controller can recover secrets "protected with biometrics". The DC was compromised in the scenario.
Bitwarden now implements biometrics differently on Windows, keeping the domain controller out of the loop.