> However this 5 guesses limit is enforced completely within the client's logic: it relies on the attacker using the official Bitwarden client.
I'd guess a software engineer working on that part of a security system would probably consider that, while the implementation approach for that part was being decided.
If so, why did it happen anyway? Did they communicate the weakness to users?