In June 2026, three events reignited the debate on the real guarantees of "zero-knowledge" managers: an academic study from ETH Zurich and Aalto University maps 25 attacks exploitable if the server is compromised, a breach at LastPass transits through a third-party CRM, and a DEF CON 33 researcher demonstrates the hijacking of autofill via clickjacking. Here is the concrete impact of these three events on the ARDNTECH architecture, without marketing rhetoric.
Published on 23 June 2026 by ARDNTECH EI · Internal analysis based on the public disclosures
A theft of OAuth tokens at Klue (a sales intelligence tool integrated with Salesforce) gave access to the contact data of LastPass customers. The encrypted vaults were not exposed. The real risk is targeted phishing based on a contact list stolen at a peripheral subprocessor, not the compromise of the cryptographic core.
Takeaway : zero-knowledge protects the vaults, not the metadata held by third parties.
Matteo Scarlata and his co-authors (relayed by Ars Technica) map 25 attacks showing that the "zero-knowledge" guarantees of Bitwarden, Dashlane and LastPass degrade if the server is compromised and certain opt-in features are active: account recovery, sharing via public key distribution, cryptographic backward compatibility (KDF downgrade).
Takeaway : a formally correct ZK must withstand the scenario of a compromised server, not just an honest administrator.
Marek Tóth demonstrates that the autofill of 11 managers can be triggered by an invisible overlay. A single click on a fake cookie banner is enough to fill the fields of a page controlled by the attacker. The surface affected is the DOM injection logic of the extension, not the server-side vault.
Takeaway : the browser extension is an attack surface distinct from the server, to be hardened independently.
The study targets three families of features that, on a compromised server, weaken the ZK guarantees. Here is their correspondence in the ARDNTECH architecture.
| Study vector | ARDNTECH architecture | Verdict |
|---|---|---|
|
Account recovery
Copy of the vault key stored server-side, usable if the server is compromised |
The wrap is produced client-side (Argon2id) from a recovery code that only the user holds. The server stores opaque wraps: it cannot re-derive the key. Consumed with immediate scrub. | Sound |
|
Cryptographic downgrade
Force a client to use a weaker algorithm during the recovery wrap |
Blocked server-side: an inspection component parses the actual armor (SKESK v6, S2K Argon2id, AEAD present, floor costs). A tampered client that downgrades is rejected and forced into a reactivation. | Neutralised |
|
Public key substitution on sharing
The server serves its own key in place of the recipients |
The server exposes the public key + fingerprint of the recipient. A June 2026 fix (extensions repo) covers client-side verification. Residual point: ensuring that a key change of a known contact triggers an explicit alert. | Under verification |
|
Admin recovery keys (LastPass type)
A group admin can re-encrypt a users vault server-side |
ARDNTECH has no server-side "break-glass admin" mechanism that would re-encrypt a users vault key to an admin key. Team sharing goes solely through the teams public key and its fingerprint. | Sound by design |
Synthesis : a compromised ARDNTECH server does not allow decryption of the recovery wraps - they are opaque, derived client-side from a secret the server does not hold, and the KDF downgrade is refused at registration. These are precisely the scenarios exploited in other managers by the ETH/Aalto study. They are closed here by architectural choices documented in the threat model.
Tóths research targets the DOM injection logic of extensions. Autofill and autologin are the surfaces concerned. The server-side vault is not at fault - it is the extension filling the fields that can be tricked. The following points are being audited in the ARDNTECH extension.
visibility:hidden, near-zero size or covered element (hit-testing of the click point).window.top === window.self or same origin.z-index, visibility re-check at the moment of the click.A sound cryptographic core can be bypassed by the peripheral SaaS stack. The LastPass vaults did not move, but a contact list was stolen at a third-party CRM integrator.
The current subprocessors of ARDNTECH (Scaleway, Brevo, Stancer, HIBP, Bugsink) are framed in the register published on the Trust page. Zero-knowledge protects the vaults, not a contact list in an unlisted third-party CRM.
Rotation of third-party integration tokens, minimal scopes, immediate revocation in case of incident. Access to peripheral systems must not allow a mapping of customers to be reconstructed.
Verifiable zero-knowledge, hosted in France, AGPLv3 source code. The private beta is accessible on sign-up.