vaultwarden
/
vaultwarden-alternativa-bitwarden
mirror of https://github.com/dani-garcia/vaultwarden.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mentioning ernw and the respective vulnerability disclosure

jsulederernw 2024-11-22 12:00:44 +01:00
parent 4589a863a3
commit d7a93be535
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Audits.md

@ -22,3 +22,10 @@ They even have a more detailed ZIP file with all raw information located here: h
As a reference you can download the report here:
- [Original - German - Vaultwarden-Passwortmanager.pdf](https://github.com/user-attachments/files/17805671/Vaultwarden-Passwortmanager.pdf)
- [Translated - English - Vaultwarden-Passwortmanager.en.pdf](https://github.com/user-attachments/files/17805672/Vaultwarden-Passwortmanager.en.pdf)
## Penetration Test by ERNW Enno Rey Netzwerke GmbH
[ERNW Enno Rey Netzwerke GmbH](https://ernw.de) assessed Vaultwarden during a penetration test for a customer in October 2024. In June 2024, the German Federal Office for Information Security (BSI) published results of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during the assessment which also focussed on other software and infrastructure. ERNW identified 3 vulnerabilities, including an authentication bypass, that were responsibly disclosed to Vaultwarden. A writeup of the vulnerabilities is described in ERNW's blog Insinuator:
- https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/