Breaking News

HTC Unveils the More Affordable Exodus 1s Cryptophone Facebook's News Tab to Feature News Corp Headlines AT&T Increases AT&T TV Now Prices Up to 30 Percent China Surveillance Giant Hikvision Warns of Losses After U.S. Curbs Huawei In Talks With U.S. Companies Over 5G Licensing Deal: report

logo

LastPass Corrects Bug That Could Potentially Expose Millions of Users to ‘Last Password’ Credential Leak

LastPass Corrects Bug That Could Potentially Expose Millions of Users to ‘Last Password’ Credential Leak

Enterprise & IT 0

Google Project Zero has found a credential leaking vulnerability in the LastPass password manager.

Security analysts at Google's Project Zero team typically report to the vendor concerned and start a 90-day countdown for a fix to be issued before full public disclosure is made.

Project Zero disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as LastPass could leak the last password used to any website visited.

LastPass is in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses.

In a tweet, Google Project Zero analyst Tavis Ormandy stated that "LastPass could leak the last used credentials due to a cache not being updated," adding "this was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!"

Google's report revealed "a limited set of circumstances on specific browser extensions that could potentially allow an attacker to create a clickjacking scenario," Ferenc Kun, the security engineering manager for LastPass.

No user action is required and your LastPass browser extension will update automatically, according to Kun.

Additionally, while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, LastPass says it has deployed the update to all browsers.

As a reminder LastPass continues to recommend the following general best practices for added online security:

  • Beware of phishing attacks. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
  • Always enable MFA for LastPass and other services like your bank, email, Twitter, Facebook, etc. Adding additional layers of authentication remains the most effective way to protect your account.
  • Never reuse your LastPass master password and never disclose it to anyone, including us.
  • Use different, unique passwords for every online account.
  • Keep your computer malware-free by running antivirus with the latest detection patterns and keeping your software up-to-date.

Related Posts

0 Comments

Leave a Reply

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

BBCode

  • No HTML tags allowed.
  • You may use these tags: [abbr], [acronym], [b], [center], [code], [color], [define], [font], [h1], [h2], [h3], [h4], [h5], [h6], [hr], [i], [img], [justify], [left], [list], [node], [php], [quote], [right], [s], [size], [sub], [sup], [u], [url], [wikipedia], [youtube], [align], [link], [ol], [ul]
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.