A user could be logged out and still be subject to receiving malicious code from the website they’re visiting. Making this LastPass vulnerability even more significant, the vulnerability only requires the extension to be installed in order for it to be exploited. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.Īfter having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. This news comes on the heels of many other flaws the same researcher discovered within LastPass. Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |