Friends, what about the security issue. Vaultwarden has a problem. When you give a person access to a collection of passwords, and then you need to take away this access from a person. For example, a person uses a browser plugin or an Android application. Synchronization occurs only after a certain period of time, or if a person enters a plug-in or application without an Internet connection. Then he will see all the flogged, because the synchronization has not passed. It turns out that the passwords were taken from the person, and he has access to these passwords. The same situation occurs if this person is deleted or disabled, synchronization will not work, but he can go into the application or plugin and see this entire collection of passwords. Is there any solution to this problem?
You can (and probably should) change all passwords a user had access to via an organization anyway because even without explicit read access there’s no guarantee the password could not be viewed by a user.
There is logic in this. Of course, a person could save passwords in advance, and if they are erased from him, they will remain where he saved them. But there are situations when it is enough to close access to them. If anyone has any more ideas, I’d be glad. Thank you.
If you give access to secrets (passwords) to anyone, there’s nothing preventing them from just copying/memorizing/printing/saving them somewhere else, so basically you lose control, and there’s nothing you or vaultwarden can do about this.