Password manager infested by bugs

      Comments Off on Password manager infested by bugs

Password manager infested by bugsWhite hat hacker Tavis Ormandy has unearthed two serious vulnerabilities in LastPass, the cloud-based password management service. Ormandy, who is a member of Google’s crack Project Zero security team, found that both the LastPass Chrome and Firefox extensions have exploitable content script that malicious webpages can attack to extract usernames and passwords.

If a user so much as browses a dodgy website, their passwords and login details can be nabbed. Furthermore, if a potential victim has installed the binary component of LastPass, a rogue site can use the flaw to deposit malware – simply by deploying two lines of JavaScript code.

LastPass has welcomed Ormandy’s tip-off and insists that no data has been lost or compromised and that all holes are now filled. Still, users are encouraged to download the latest version just to make sure – we had to temporarily de-install/remove the Chrome extension and simply re-installed it. Easy enough.

Read more at https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/ and http://www.ibtimes.co.uk/lastpass-probes-firefox-chrome-bugs-that-could-be-exploited-steal-passwords-1613077

Share