From 45d0e90607b6be124ec360c51b11b0b919b37e70 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 2 Sep 2025 13:09:03 +0200
Subject: [PATCH] Disallow biometric key over IPC (#16161)

---
 .../src/platform/main/desktop-credential-storage-listener.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts b/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts
index 6922911e367..ac049f0731b 100644
--- a/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts
+++ b/apps/desktop/src/platform/main/desktop-credential-storage-listener.ts
@@ -20,6 +20,11 @@ export class DesktopCredentialStorageListener {
           serviceName += message.keySuffix;
         }
 
+        // Biometric is internal to the main process and must not be exposed via IPC
+        if (serviceName == "Bitwarden_biometric") {
+          return;
+        }
+
         let val: string | boolean = null;
         if (message.action && message.key) {
           if (message.action === "getPassword") {