Watchtower - Check for Vulnerable Passwords - (Broken) Entry Causes Confusion

I was shocked when I first saw this vulnerability report. The only attacker model fitting this alert was some sort of keylogging malware on my Mac. Fortunately, it's a bug in 1Password.

While the password displayed (and the strength meter) operate on JqZDLb23ipuzv3WwVwXw, the underlying password that is sent to HIBP and is copied to the clipboard after clicking on it is just master (the original password that I upgraded sometime in 2018).


1Password Version: 8.7.0 (80700041)
Extension Version: 2.3.3
OS Version: macOS 12.3.1

Comments

  • Hello @m33x, thank you for informing us. 👍 I have passed it on to our development team for further assessment. We appreciate you letting us know what you found!

This discussion has been closed.