If you’re using a password manager, you’re already on a great track towards owning your own cybersecurity. If not, you should strongly consider using one. However, nothing’s perfect, and threat actors are always searching for new and creative ways to steal your data. Many password managers offer the option to save credentials for sites using “wildcard” or dynamic URLs. This means that ‘google.com’ is treated as equal to ‘www.google.com’ and ‘mail.google.com’.
This can provide a high level of convenience, making it easy to split one identity across services hosted by the same provider. However, with the advances in modern identity architecture, this methodology is becoming increasingly unnecessary and can leave you exposed to certain attacks.
A recent article from Bleeping Computer illustrates an attack against the popular password manager Bitwarden. In this attack, threat actors take advantage of wildcard configuration settings, allowing them to use a frame to steal your credentials in a hidden fashion. A “frame” is a web page element that allows developers to embed content from other sources (like YouTube). When used maliciously in combination with certain vulnerabilities, frames can become a highly effective tool for data theft.
Action: To better protect your sensitive data, take a look at your password manager’s settings with specific attention to domain matching. Your password manager’s help documentation should point you in the right direction.
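To see what the domain-matching setting changes, the following added JavaScript example (not from the original article or from any password manager's code) compares “wildcard” base-domain matching with stricter host and exact matching. The function names, the example.com URLs and the two-label base-domain shortcut are assumptions made for illustration.

```javascript
// Added illustration; function names are hypothetical, not any password manager's API.

// Simplification (assumption): treat the last two labels as the registrable
// domain. Real implementations consult the Public Suffix List (e.g. for co.uk).
function baseDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// Decide whether a saved login may be offered to the page at pageUrl.
//   'base'  - any host under the same registrable domain (the "wildcard" behaviour)
//   'host'  - hostname and port must be identical
//   'exact' - the full URL must be identical
function matches(savedUrl, pageUrl, mode) {
  const saved = new URL(savedUrl);
  const page = new URL(pageUrl);
  switch (mode) {
    case 'base':
      return baseDomain(saved.hostname) === baseDomain(page.hostname);
    case 'host':
      return saved.host === page.host;
    case 'exact':
      return saved.href === page.href;
    default:
      throw new Error(`unknown match mode: ${mode}`);
  }
}

// Constructed sample data: one saved login and pages a browser might load.
const SAVED = 'https://mail.example.com/login';
const PAGES = [
  'https://mail.example.com/login',
  'https://mail.example.com/settings',
  'https://www.example.com/',
  'https://user-content.example.com/embedded.html',
  'https://example.net/login',
];

// Return the pages on which the saved login would be offered under a mode.
function offeredOn(mode) {
  return PAGES.filter((p) => matches(SAVED, p, mode));
}

for (const mode of ['base', 'host', 'exact']) {
  console.log(mode.padEnd(5), offeredOn(mode));
}
```

Under base-domain matching the saved mail login is also offered on every other subdomain of the same provider, which is the exposure the stricter modes remove.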