users.equivalent_domains field is cleartext in the database #1400
Replies: 5 comments
-
I don't know if that would help that much. If a user has favicon enabled this exposes that same information. If you want to avoid this, then you are probably better off by just adding those domains to the specific ciphers as an add URL. Also, this is something upstream doesn't encrypt either, else they would have encrypted it before sending it to the backend server.
-
@BlackDex yeah, I assumed upstream wouldn't have encrypted this either as obviously the protocol itself has this information passed in the clear. One of the big differences between this and the favicons feature is that the latter is documented that it has privacy implications, and takes you to a page explaining what they are. Again I know the frontend is entirely different, but in case you have some latitude as to what's displayed, or at the very least documenting it somewhere -- or perhaps this very issue will serve as that documentation (because I searched before I opened it :)).
-
It would be better to request this at https://community.bitwarden.com/c/feature-requests/5 so any changes benefit all Bitwarden users.
-
Well, we have a wiki. Feel free to add or update the documentation to contain this.
-
Thanks for the tips guys. I'll definitely add something to the wiki this week.
-
Subject of the issue
users.equivalent_domains is cleartext in the database which could leak information about sites users visit (under the assumption that users will enter domains here that they visit).
Your environment
Expected behaviour
The field should be encrypted and opaque to the admin, or if this data is required to be cleartext for some backend functionality to work, that should be documented somewhere, and ideally there should be a big warning box on the front end where this is configured saying this information shouldn't be considered private.
(Though as the web client isn't your code I'm not sure if this is feasible, but it's certainly preferable if possible.)
Actual behaviour
The field is stored in plaintext and users would incorrectly assume, given the rest of Bitwarden's security posture, that anything they enter there would be encrypted on the backend.