
https://github.com/bitwarden/desktop/issues/552

Downloads and execs unexamined code released by the devs, potentially backdooring your whole machine SolarWinds-style.

It also divulges to MSFT (GitHub admins) all the IPs of Bitwarden users (even ones using a self-hosted API).



Isn't this true for any app that has updates though?


No-interaction autoupdates, yes.

This is how the SolarWinds hack happened.



