Password managers' promise that they can't see your vaults isn't always true - Ars Technica

This article from Ars Technica discusses how the promise of password managers that they can't see your vaults isn't always true. The article explains that a server compromise can mean game over for users. The article goes on to explain that researchers from ETH Zurich and USI Lugano have identified ways that someone with control over the server can, in fact, steal data and, in some cases, entire vaults. The researchers devised other attacks that can weaken the encryption to the point that ciphertext can be converted to plaintext. The researchers said in interviews that multiple other password managers they didn't analyze as closely likely suffer from the same flaws.