Feb 17, 2026 · 5 min read
Your Password Manager Promised "Zero Knowledge"—Researchers Found 25 Ways to Break That Promise
A new study from ETH Zurich reveals that Bitwarden, Dashlane, and LastPass can all be compromised by a malicious server, despite their encryption guarantees.
The Promise That Was Not Quite True
Password managers sell themselves on a simple guarantee: even we cannot see your passwords. It is called "zero knowledge" encryption, and it means the server only stores encrypted data that it cannot decrypt. Your master password never leaves your device.
Researchers at ETH Zurich and Università della Svizzera italiana just tested that claim. They found 25 distinct attacks across Bitwarden, Dashlane, LastPass, and 1Password that let a malicious server recover user passwords, swap vault entries, or downgrade encryption, all without the user knowing.
These four services collectively protect over 60 million users and approximately 125,000 businesses.
What the Researchers Actually Found
The team set up a test server that mimicked a malicious operator and examined what each password manager would leak under those conditions. The results were broken into four attack categories:
- Key escrow attacks exploited account recovery mechanisms in Bitwarden and LastPass to compromise vault confidentiality. When an admin resets a user's password, the server can intercept the recovery process and extract the encryption keys.
- Item-level encryption flaws allowed metadata leakage, field swapping between vault entries, and key derivation function downgrades. In some cases, attackers could replace the URL stored alongside a password, redirecting users to phishing sites when they auto-filled credentials.
- Sharing feature exploits compromised vault integrity through shared access mechanisms. When users share passwords with colleagues, the handoff process created openings for a malicious server to inject or extract data.
- Backward-compatibility attacks leveraged legacy code to downgrade encryption in Bitwarden and Dashlane, forcing weaker cryptographic protections on vaults that should have been using modern standards.
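The field-swapping finding above, illustrated with an added example written for this article (not code from the paper or from any of the vendors): a vault URL field is encrypted with AES-GCM first with no binding to its item, then with the item ID and field name supplied as associated data, and the client checks whether it notices when the server returns that ciphertext under a different item. The item IDs, the context layout and the sample URL are assumed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // only fails for a non-128-bit block size
	return g
}

// sealField encrypts one vault field; bindCtx is GCM associated data (nil = unbound field).
func sealField(key, bindCtx, plaintext []byte) (nonce, ct []byte) {
	g := newGCM(key)
	nonce = make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce, g.Seal(nil, nonce, plaintext, bindCtx)
}

// fieldContext is what the hardened client binds each ciphertext to. It is built from the
// item the client requested and the field it is reading, never from server-supplied metadata.
func fieldContext(itemID, fieldName string) []byte {
	return []byte("vault-item:" + itemID + ":" + fieldName)
}

// SwapDetected simulates the server handing back item A's URL ciphertext where item B's belongs.
// Unbound: it decrypts cleanly and B's credentials would be auto-filled on A's URL. Bound: tag check fails.
func SwapDetected(key []byte, bound bool) bool {
	var ctxA, ctxB []byte // both nil when fields carry no context
	if bound {
		ctxA, ctxB = fieldContext("item-A", "url"), fieldContext("item-B", "url")
	}
	nonce, ct := sealField(key, ctxA, []byte("https://bank.example")) // constructed sample
	_, err := newGCM(key).Open(nil, nonce, ct, ctxB)                   // read as item B's URL
	return err != nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real client derives it from the master password
	fmt.Println("swap detected without binding:", SwapDetected(key, false)) // false
	fmt.Println("swap detected with binding:   ", SwapDetected(key, true))  // true
}
```

Binding a field to its item and name stops cross-item swaps but not the server replaying an older ciphertext of the same field; that needs a version counter or a vault-level integrity check as well.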
Bitwarden had the most vulnerabilities with 12 attacks. LastPass had 7. Dashlane had 6. 1Password was also affected, though the company said these were "already known architectural limitations."
Why "Zero Knowledge" Does Not Mean "Zero Risk"
The core issue is that password managers deliver code to your browser, and that code is controlled by the server. If the server is compromised, whether through a breach at the provider, a rogue employee, or a government subpoena forcing cooperation, the JavaScript running in your browser can be modified to leak your master password or vault contents.
The researchers put it bluntly: "Despite vendors' attempts to achieve security, we uncover several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities."
This does not mean password managers are useless. They remain far better than reusing passwords across sites. But the "zero knowledge" marketing creates a false sense of invulnerability that these findings directly challenge.
How Each Vendor Responded
Dashlane patched a cryptography downgrade vulnerability in version 6.2544.1 (November 2025) that could have compromised weak master passwords and individual vault items.
Bitwarden confirmed addressing issues, with seven resolved or in active remediation and three "accepted as intentional design decisions necessary for product functionality."
LastPass said it is "actively working to add stronger integrity guarantees" and plans to harden admin password reset and sharing workflows.
1Password stated it found no new attack vectors beyond those already documented in its Security Design White Paper and emphasized its use of Secure Remote Password authentication.
There is no evidence any of these vulnerabilities have been exploited in active attacks.
What This Means for You
If you use Bitwarden, Dashlane, LastPass, or 1Password, update to the latest version immediately. The vendors have patched or are patching the most critical issues.
Beyond that, here is what security professionals recommend:
- Use a strong, unique master password that you do not reuse anywhere else
- Enable two-factor authentication on your password manager account
- Be cautious with password sharing features, especially in enterprise environments
- Consider whether a locally hosted password manager like KeePass removes the server trust problem entirely
- Review your account recovery settings since these were the most exploited attack surface
The Bigger Picture
This research is part of a growing body of work showing that "encrypted" and "private" are not the same thing. Companies can promise end-to-end encryption while still making architectural decisions that undermine those promises in practice.
The same pattern plays out across email, messaging, and cloud storage. The encryption is real, but the implementation details (how keys are managed, how recovery works, how sharing is handled) create gaps that a sophisticated attacker can exploit.
Password managers are still one of the most effective tools for protecting your accounts. But trusting any single service with all your credentials requires understanding what "zero knowledge" actually guarantees, and what it does not.