During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published results1 of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during our assessment. However, a quick … Continue reading Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5 - CVE-2024-55225