We have discovered a flaw in 1Password. The issue seems to be that a user can copy the contents of the 1Password app data folder in Windows, paste it on another machine, and effectively have access to all the vaults (with the master password).
The issue here is that it skips the requirement of entering the hostname and secret key, then validating it.
A user could then access all the vaults offline without knowing the secret key, nor is it going to go back to the 1Password servers to validate if the user still has access or if the key/vault is still valid.
1Password Version: 7.3.712
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided