Bitwarden's Windows Hello integration allowed attackers to remotely extract every credential from a vault without knowing the master password and without any biometric authentication. The issue has been fixed in the latest version of Bitwarden. During a penetration test, the testers obtained administrative access to the domain controller and found that passwords were stored in Bitwarden. After trying various ways to open the vault, they discovered that it could be decrypted using the DPAPI backup keys held on the domain controller. This removed the need for the master password and gave them remote access to the vault's contents.
https://blog.redteam-pentesting.de/2024/bitwarden-heist/