    Design weaknesses in major password managers enable vault attacks, researchers say

By admin, February 17, 2026

    Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised?

    Researchers at ETH Zurich and Università della Svizzera italiana set out to answer that question, and the answer is (unfortunately) no.

    Attack paths against encrypted vaults

Cloud-based password managers store users’ passwords in a password vault, which is created and encrypted by the user’s client software using a cryptographic key derived from the user’s master password.

    The client software uploads the encrypted vault to a server run by the service provider and the provider can’t decrypt it. Only the user’s client software can: it retrieves the vault and uses the user’s master password to decrypt it locally (i.e., on the user’s device).

    But, as the researchers demonstrated, attackers who manage to compromise a server that stores the password vaults can, in some cases, recover users’ passwords, fully compromise the vault, modify its contents, and more.

    The researchers probed four popular password managers: Bitwarden, LastPass, Dashlane, and 1Password.

    They presented 12 distinct attack scenarios against Bitwarden, 7 against LastPass, 6 against Dashlane, and 3 against 1Password.

    The attacks are grouped in four categories, depending on the password manager feature they exploit:

    • Key escrow (used for vault recovery, in case the user forgets their master password, or for account recovery)
    • Item-level vault encryption (data items in the vault and user settings are encrypted as separate objects, often combined with unencrypted or unauthenticated metadata)
    • Credential sharing
    • Backwards compatibility (to support older software client versions)

    Across these categories, they found that design weaknesses – such as missing key authentication, lack of authenticated encryption, poor key separation, and legacy cryptographic support – can allow attackers who tamper with server-stored data to manipulate keys, metadata, or ciphertext.
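To make the “lack of authenticated encryption” and “poor key separation” points concrete, here is an added illustration in Python; it is not code from the paper or from any of the four products. It stores one vault item two ways: with confidentiality-only encryption and clear-text metadata that nothing protects, and with encrypt-then-MAC where the metadata is bound into the tag as associated data and the MAC key is derived separately from the encryption key. The item layout, field names and sample values are constructed for the example, and the HMAC-in-counter-mode keystream is a teaching stand-in for a real cipher such as AES-CTR so the script runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os


def derive_master_key(master_password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Client-side key derivation from the master password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def subkey(master_key: bytes, label: bytes) -> bytes:
    """Key separation: one purpose-labelled subkey per use; the master key is never used directly."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for a real stream cipher: HMAC-SHA256 over (nonce || counter), truncated to length.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _canonical(metadata: dict) -> bytes:
    # Fixed serialisation so the writer and the reader authenticate exactly the same bytes.
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode("utf-8")


def encrypt_item_unauthenticated(master_key: bytes, metadata: dict, secret: str) -> dict:
    """Confidentiality only: clear-text metadata beside ciphertext, no integrity protection at all."""
    nonce = os.urandom(16)
    plaintext = secret.encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(subkey(master_key, b"item-encryption"), nonce, len(plaintext)))
    return {"metadata": metadata, "nonce": nonce.hex(), "ciphertext": ciphertext.hex()}


def decrypt_item_unauthenticated(master_key: bytes, item: dict) -> tuple:
    ciphertext = bytes.fromhex(item["ciphertext"])
    stream = _keystream(subkey(master_key, b"item-encryption"), bytes.fromhex(item["nonce"]), len(ciphertext))
    return item["metadata"], _xor(ciphertext, stream).decode("utf-8")  # metadata is trusted as stored


def _tag(master_key: bytes, item: dict) -> bytes:
    # The tag covers metadata (as associated data), nonce and ciphertext, under a separate MAC key.
    body = _canonical(item["metadata"]) + bytes.fromhex(item["nonce"]) + bytes.fromhex(item["ciphertext"])
    return hmac.new(subkey(master_key, b"item-authentication"), body, hashlib.sha256).digest()


def encrypt_item_authenticated(master_key: bytes, metadata: dict, secret: str) -> dict:
    """Encrypt-then-MAC: same ciphertext as above plus a tag binding the clear-text metadata to it."""
    item = encrypt_item_unauthenticated(master_key, metadata, secret)
    item["tag"] = _tag(master_key, item).hex()
    return item


def decrypt_item_authenticated(master_key: bytes, item: dict) -> tuple:
    if not hmac.compare_digest(_tag(master_key, item), bytes.fromhex(item["tag"])):
        raise ValueError("vault item failed authentication: metadata or ciphertext was modified")
    return decrypt_item_unauthenticated(master_key, item)


def demo() -> dict:
    """Store one item both ways, modify its clear-text metadata in storage, and read it back."""
    master_key = derive_master_key("correct horse battery staple", os.urandom(16))
    metadata = {"id": "item-1", "type": "login", "url": "https://mail.example.test"}  # constructed
    secret = "s3cr3t-example-password"  # constructed
    results = {"keys_are_separated": subkey(master_key, b"item-encryption")
               != subkey(master_key, b"item-authentication")}

    # Unauthenticated item: whoever holds the stored copy changes the metadata; the client cannot tell.
    stored = encrypt_item_unauthenticated(master_key, metadata, secret)
    stored["metadata"] = dict(stored["metadata"], url="https://tampered.example.test")
    meta_back, secret_back = decrypt_item_unauthenticated(master_key, stored)
    results["unauthenticated_accepts_tampered_metadata"] = (
        secret_back == secret and meta_back["url"] != metadata["url"])

    # Authenticated item: the identical change is rejected because the tag covers the metadata.
    stored = encrypt_item_authenticated(master_key, metadata, secret)
    results["authenticated_roundtrip"] = decrypt_item_authenticated(master_key, stored)[1]
    stored["metadata"] = dict(stored["metadata"], url="https://tampered.example.test")
    try:
        decrypt_item_authenticated(master_key, stored)
        results["authenticated_rejects_tampered_metadata"] = False
    except ValueError:
        results["authenticated_rejects_tampered_metadata"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is the one the researchers make: encryption alone says nothing about who wrote the bytes around the ciphertext. A client that decrypts an item and then acts on its clear-text metadata has to verify that metadata under a key the server never sees, and the key used for that check should not be the one used for encryption.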

    In many cases, these flaws can lead to severe outcomes such as full vault compromise, loss of confidentiality, or loss of integrity.

    Importantly, several attacks require little or no user interaction (sometimes just a login or sync) and affect multiple products studied.

    “We were surprised by the severity of the security vulnerabilities,” said Prof. Dr. Kenneth Paterson, from the Applied Cryptography Group at ETH Zurich. “Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before.”

    (Some) fixes are available

    The researchers proposed a set of changes that can be implemented to mitigate all of these attacks, but noted vendors’ reluctance to introduce changes that would break functionality or, at worst, lead to irretrievable loss of access to vaults/passwords.

    “To this aim, we propose the use of specialized password manager clients, with no functionality besides implementing a forced migration to the new vault format. This would prevent any user from losing access to their data, while preserving security for the entire user base,” the researchers advised.

The four affected vendors were apprised of the research many months before it was made public. They have since moved to fix some of these exploitable design flaws, while pointing out that others – like the verification of public key authenticity – are industry‑wide challenges that are yet to be successfully solved.

    While they all pointed out that this research was valuable to help them keep their users safe, they noted that they have found no indication that any of these attacks have been successfully leveraged to compromise their customers.

The researchers themselves noted that while most users are unlikely to be targeted via the attacks they presented, as these require considerable skill and knowledge from the attackers, higher-risk individuals and organizations might be.

    “Unfortunately, we cannot exclude the possibility that our attacks were already known to advanced threat actors – after all, we have learned from the Snowden revelations that national security agencies are routinely tasked with penetrating systems like the ones we analyse and are willing to conduct active attacks on targets,” they said.

    “The best mitigation for these parties is to trust that vendors will rapidly and effectively patch their systems, and here we have made real effort to engage with the affected vendors to assist them in this process.”

    UPDATE (February 17, 2026, 02:00 p.m. ET):

    “Our security team reviewed the paper in depth and found no new attack vectors beyond those already documented in our publicly available Security Design White Paper,” 1Password’s CISO/CIO Jacob DePriest told Help Net Security.

    “We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on,” he added.

    “For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks. More recently, we introduced a new capability for enterprise-managed credentials, which from the start are created and secured to withstand sophisticated threats.”

