Landshark Information Technology

LastPass Security Flaw

     LastPass is a free internet browser extension that helps users store all of their logins and passwords online in one secure location. LastPass advertises itself as the last password you will ever need, and as a result over 10 million people use it as their password manager. Storing all of a user's login information for a variety of websites in one location carries potential security risks, because if a breach in the application occurs, all of that information could become compromised. LastPass has prided itself on being very secure, with 256-bit encryption, local-only storage of encryption keys, and multi-factor authentication.

     Last month a Google security researcher discovered a bug in LastPass that was leaking user login information. Tavis Ormandy tweeted: "LastPass could leak the last used credentials due to a cache not being updated. This was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!"

     LastPass security engineer Ferenc Kun posted an update about the vulnerability, stating: "To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times. This exploit may result in the last site credentials filled by LastPass to be exposed." Kun's post states that the bug has been patched and the security exploit is no longer an issue.

     All users who rely on LastPass as their password manager should update the application and their web browser to the latest version to avoid any issues with this bug.

     
