← Back to context Comment by ronnier 17 hours ago Yeah if an attacker was able to insert javascript then it's possible. 3 comments ronnier Reply blr_lpm 16 hours ago For this particular threat vector, where the client is compromised, the backend doesn’t matter. franga2000 14 hours ago A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though. 9cb14c1ec0 12 hours ago Which is only possible if logging into the web client and not when using the bitwarden desktop app or browser extensions.
blr_lpm 16 hours ago For this particular threat vector, where the client is compromised, the backend doesn’t matter. franga2000 14 hours ago A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.
franga2000 14 hours ago A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.
9cb14c1ec0 12 hours ago Which is only possible if logging into the web client and not when using the bitwarden desktop app or browser extensions.
For this particular threat vector, where the client is compromised, the backend doesn’t matter.
A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.
Which is only possible if logging into the web client and not when using the bitwarden desktop app or browser extensions.