Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes
Open link in next tab
Bitwarden disclosed on HackerOne: Biometric key is stored in...
https://hackerone.com/reports/1874155
Bitwarden Desktop on Windows allows the user to enable vault unlock through Windows Hello (under File > Settings > Unlock with Windows Hello). When this is done, a "Biometric master key" is generated and stored locally inside the Windows' user credential set. This is done through the "wincred" API, in particular through the functions...