Shame they didn’t also test Proton Pass
There is no Zero Knowledge encryption. It simply doesn’t exist.
The term Zero Knowledge comes from the Zero Knowledge Proof (ZKP).
And ZKPs are used in authentication with IdPs and not encryption.
As far as I saw, Proton Pass doesn’t say Zero Knowledge; instead they say Zero Access.
Maybe that’s the reason.
How do you mean that?
This article is kinda clickbait. They conveniently gloss over the fact that the entire research paper is based on a fully malicious server threat model. If a password manager’s server is already compromised to that level, you are in trouble regardless of the encryption specifics.
They buried the most important information at the very bottom: these holes are already plugged. Bitwarden addressed the findings, Dashlane patched this back in 2025, and LastPass has already implemented hardening fixes. (That said, still don’t ever use LastPass.)
True zero knowledge is hard to perfect, and the vulnerability here relied on tricking the client app into trusting the server too much. The fixes effectively restore that security by forcing the client to verify server behavior much more strictly.
There is simply no zero knowledge encryption. This term doesn’t exist and probably was made up by the PR.
There is E2EE, client-side encryption, transit encryption, server-side encryption. However, Zero Knowledge encryption does not exist.
I think Zero Knowledge is another term for E2EE, focusing on the aspect that the provider doesn’t get the unencrypted data.
Still the term was made up. This is not a technical term in the aspect of encryption.
It is impossible to provide a Zero Knowledge encryption, because it would mean that even the provider doesn’t know if you have data on his server or not. The so-called “Schrödinger Data”.
I don’t think that anybody believes the provider doesn’t know that there is data on the server.
But the provider could let you sign up without any unnecessary data (only username + password) and pay with crypto/gift cards.
I don’t think that anybody believes the provider doesn’t know that there is data on the server.
I understand what you mean, but still the term doesn’t make sense and was made up.
Disclosure. We disclosed our findings to 1Password. Their response was that they regard them as arising from already known architectural limitations. They did not request an embargo period.
This feels very similar to how 1Password responded to Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Alternative link to whitepaper since I had trouble getting to it directly from the article.
I guess you glossed over that part of the article:
… evaluated the products under what is known as a “fully malicious server” threat model, assuming attackers had already breached the provider’s infrastructure and could arbitrarily manipulate server responses to users’ apps and browser extensions.
That’s entirely backwards. End-to-end encryption exists precisely to mitigate server compromise.
All terms are made up.
Zero Knowledge used to be a common description of E2EE before the more accurate terminology was popularized.
It’s helpful to point out the better terminology. It’s unhelpful to tut tut at people using older terminology in good faith.
@Quantum @Onscreen5341 @Colter
This seems relevant for you guys. From the abstract…
Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those vaults. The security claims made by vendors imply that this should hold even if the server is fully malicious.
Zero Knowledge used to be a common description of E2EE before the more accurate terminology was popularized.
ZKP has been a thing since ~1985, by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The term E2EE for cloud storage was first published around 1994 - 2004¹; the “first” bigger cloud provider who used the term Zero Knowledge encryption was SpiderOak, around 2013.
So as you can see, E2EE is actually the older term and the term used before Zero Knowledge encryption.
In addition, it should be mentioned that at some point many services used the term E2EE, but then switched to Zero Knowledge.
1: This depends on what you want to count. The first paper about actual E2EE was written in 1994 by the US government; the implementation in clouds with this term was about 2004.
Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those vaults.
I hope I can speak for @Quantum and @Colter that we know what Zero Knowledge encryption means.
My criticism here is that the term is false, not technical and used by vendors who want to sound fancy and modern to describe E2EE.
I appreciate the additional background information, I did not know the further backstory.
And I probably remember Zero Knowledge as the older common term because I was once a SpiderOak customer when they were the only E2EE cloud storage available back then.
If Bitwarden is in the list I would say it is safe to assume that Vaultwarden (rewritten Bitwarden server) is also vulnerable.