• Herbal Gamer
    link
    fedilink
    English
    arrow-up
    6
    ·
    10 months ago

    if I’m entering my details on a phishing website anyway, it shouldn’t really matter wether or not I typed it in or used Autofill, right?

    • cron@feddit.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      10 months ago

      There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.

      I don’t think that this is a very likely attack, but at least in theory this could work.

      Edit: Bitwarden protects against such attacks:

      The auto-fill menu will only fill credentials when a user selects a form field they want to interact with. This protects users from potentially malicious form fields or web pages and ensures sensitive information will never be populated without user knowledge.

      • 4am@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        10 months ago

        If an attacker can control the content delivered from a valid domain’s web server, nothing at all is going to protect you.