Breaking News

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025 Silicon Power Launches WP10 Magnetic Wireless Power Bank Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

LastPass Corrects Bug That Could Potentially Expose Millions of Users to ‘Last Password’ Credential Leak

LastPass Corrects Bug That Could Potentially Expose Millions of Users to ‘Last Password’ Credential Leak

Enterprise & IT Sep 16,2019 0

Google Project Zero has found a credential leaking vulnerability in the LastPass password manager.

Security analysts at Google's Project Zero team typically report to the vendor concerned and start a 90-day countdown for a fix to be issued before full public disclosure is made.

Project Zero disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as LastPass could leak the last password used to any website visited.

LastPass is in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses.

In a tweet, Google Project Zero analyst Tavis Ormandy stated that "LastPass could leak the last used credentials due to a cache not being updated," adding "this was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!"

Google's report revealed "a limited set of circumstances on specific browser extensions that could potentially allow an attacker to create a clickjacking scenario," Ferenc Kun, the security engineering manager for LastPass.

No user action is required and your LastPass browser extension will update automatically, according to Kun.

Additionally, while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, LastPass says it has deployed the update to all browsers.

As a reminder LastPass continues to recommend the following general best practices for added online security:

  • Beware of phishing attacks. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
  • Always enable MFA for LastPass and other services like your bank, email, Twitter, Facebook, etc. Adding additional layers of authentication remains the most effective way to protect your account.
  • Never reuse your LastPass master password and never disclose it to anyone, including us.
  • Use different, unique passwords for every online account.
  • Keep your computer malware-free by running antivirus with the latest detection patterns and keeping your software up-to-date.

Tags: bugsCybersecurityLastPass
Previous Post
OnePlus 7T to Debut October 10
Next Post
Volkswagen to Invest $9 Billion in Software

Related Posts

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

  • Microsoft Shares Threat Intelligence During Global Crisis

Latest News

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance
PC components

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025
Enterprise & IT

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

Silicon Power Launches WP10 Magnetic Wireless Power Bank
Consumer Electronics

Silicon Power Launches WP10 Magnetic Wireless Power Bank

Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro
PC components

Razer Unveils the Ultra-Lightweight DeathAdder V4 Pro

Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.
Cameras

Sony launches a high-resolution shotgun microphone with superior sound quality and compact design.

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed