Nothing is impenetrable: this cyber attack targets your password manager


At the DEF CON 33 conference in August 2025, the independent cybersecurity researcher Marek Tóth demonstrated that a clickjacking attack could put millions of users of the world's most popular password managers at risk: a technique that would let a malicious actor steal precisely the credentials these tools are supposed to protect. How does it work, and which password managers are affected?

Password managers are great tools for improving our digital hygiene: a true digital safe in which we lock away everything we hold most dear in the virtual world, namely our passwords, our logins, our passkeys and sometimes even our bank details.

There is just one catch: as Danny Ocean already proved in 2001, no safe is impenetrable, and password managers are no exception to this rule.


Back to Las Vegas, in August 2025 this time, where Marek Tóth, an independent cybersecurity researcher, unveiled at the DEF CON hacking conference his research work highlighting an attack capable of stealing the information stored in password managers. All in one click, thanks to a clickjacking technique. This process could expose more than 40 million users around the world.

Clickjacking is a type of attack that tricks victims into clicking on links or windows without intending to. In the example above, users unlock their password manager without knowing it. // marektoth.com

How does clickjacking work?

To set up such an attack, the attacker must first compromise a website or create a fraudulent one.

Then, by manipulating the display and opacity properties of the password manager's autofill window, the cybercriminal can make that box invisible to the naked eye.

Once this is done, all that remains is to create a "pretext" window, such as a cookie consent pop-up, and overlay the now-transparent autofill window on top of it. The user believes they are clicking to close the window or accept a message; in reality, their click triggers autofill into a form controlled by the attacker, who collects the precious information.

No alert appears. A single click on the booby-trapped page can be enough for the data to be stolen without the user's knowledge. The attack therefore works not only on conventional credentials but also on two-factor authentication codes and bank details saved in the password manager.

The researcher also demonstrated a variant in which the user interface follows the mouse cursor, so that any click by the user, wherever it lands, triggers autofill.

What password managers are concerned?

The cybersecurity company Socket has verified and supported Marek Tóth's work. The company also contacted the relevant US authorities to have this type of vulnerability officially recorded.

Among password manager vendors, the reactions are more mixed. While companies such as Dashlane, NordPass, Proton Pass and Keeper have shipped fixes in their latest updates, other applications such as 1Password reject the report. The Canadian company considers Marek Tóth's work informative but believes that it relates to a general risk on the web.

The researcher informed all vendors of the problems in April 2025, several months before presenting his findings publicly. While waiting for fixes to become available, Marek Tóth recommends that users disable the autofill function in their password managers and rely on copy/paste only. Another way to address the problem: adding a confirmation dialog before autofill.
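As an added illustration (not code from the article, from Marek Tóth's research or from any password manager), here is the kind of gate an extension could run before honouring a click on its autofill dropdown. It combines the three points described above: the composed opacity of the autofill element and its page-controlled ancestors, whether the element has moved since it was rendered (the cursor-following variant), and an explicit confirmation step before anything is filled. The element descriptions are constructed stand-ins for values a real extension would read with getComputedStyle() along the ancestor chain and document.elementFromPoint() at the click coordinates; the 0.9 opacity threshold is an assumption.

```javascript
// Added example: a visibility gate for a password manager's autofill click.
// Not code from the article, from Marek Tóth or from any vendor; the sample
// events below are constructed so the logic runs outside a browser.

const MIN_EFFECTIVE_OPACITY = 0.9; // assumption: fainter than this counts as hidden

// CSS opacity composes multiplicatively down the ancestor chain, so a
// page-controlled parent at opacity 0.01 hides an autofill element whose own
// opacity is still 1. styleChain is ordered from the element up to <html>.
function effectiveOpacity(styleChain) {
  return styleChain.reduce((acc, style) => acc * Number(style.opacity ?? 1), 1);
}

// A dropdown that is display:none or visibility:hidden anywhere up the chain,
// or whose composed opacity is too low, cannot have been consciously clicked.
function isEffectivelyVisible(styleChain) {
  for (const style of styleChain) {
    if (style.display === "none" || style.visibility === "hidden") return false;
  }
  return effectiveOpacity(styleChain) >= MIN_EFFECTIVE_OPACITY;
}

// Decide what to do with a click on the autofill UI.
// event fields (all constructed here):
//   autofillElementId     id of the extension's dropdown
//   styleChain            computed styles from the dropdown up to <html>
//   topmostElementAtClick what elementFromPoint() returned at the click
//   positionAtRender / positionAtClick  dropdown position when shown vs. when clicked
// policy.confirmBeforeFill: prompt the user even when every check passes.
function autofillDecision(event, policy = { confirmBeforeFill: true }) {
  const reasons = [];
  if (!isEffectivelyVisible(event.styleChain)) {
    reasons.push("autofill UI is not visibly rendered");
  }
  if (event.topmostElementAtClick !== event.autofillElementId) {
    reasons.push("click landed on an element covering the autofill UI");
  }
  const dx = event.positionAtClick.x - event.positionAtRender.x;
  const dy = event.positionAtClick.y - event.positionAtRender.y;
  if (Math.hypot(dx, dy) > 0) {
    reasons.push("autofill UI moved after it was rendered (cursor-following overlay)");
  }
  if (reasons.length > 0) return { action: "refuse", reasons };
  return { action: policy.confirmBeforeFill ? "confirm" : "fill", reasons };
}

// Constructed sample events (not captured from any real page).
const LEGITIMATE_CLICK = {
  autofillElementId: "pm-autofill-dropdown",
  styleChain: [{ opacity: "1" }, { opacity: "1" }, { opacity: "1" }],
  topmostElementAtClick: "pm-autofill-dropdown",
  positionAtRender: { x: 120, y: 260 },
  positionAtClick: { x: 120, y: 260 },
};

// The dropdown itself is untouched, but a page ancestor was set to opacity 0.01.
const OPACITY_HIDDEN_CLICK = {
  ...LEGITIMATE_CLICK,
  styleChain: [{ opacity: "1" }, { opacity: "0.01" }, { opacity: "1" }],
};

// The dropdown was repositioned under the cursor between render and click.
const CURSOR_FOLLOWING_CLICK = {
  ...LEGITIMATE_CLICK,
  positionAtClick: { x: 347, y: 412 },
};

// Returns the decision for each sample, in order.
function demo() {
  return [LEGITIMATE_CLICK, OPACITY_HIDDEN_CLICK, CURSOR_FOLLOWING_CLICK]
    .map((event) => autofillDecision(event).action);
}

console.log(demo()); // [ 'confirm', 'refuse', 'refuse' ]
```

With the default policy even a clean click only yields "confirm", which is the confirmation dialog the researcher suggests; vendors that prefer a silent fill would pass `{ confirmBeforeFill: false }` and still keep the two refusal checks.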

At the time of writing, the following password managers are still vulnerable to the clickjacking attack methods:

  • 1Password 8.11.4.27
  • Bitwarden 2025.7.0 (fix implemented in version 2025.8.0)
  • Enpass 6.11.6 (partial fix implemented in 6.11.4.2)
  • iCloud Passwords 3.1.25
  • LastPass 4.146.3
  • LogMeOnce 7.12.4
