The developers behind popular password manager LastPass have patched a loophole that exposed your last used password. Originally discovered in August by Tavis Ormandy, a researcher from Google’s Project Zero, the security flaw allowed malicious websites to trick the browser extension into giving away credentials you entered on a previous site. LastPass says it rolled out an update for the browser add-on on September 13th, two weeks after the vulnerability was first reported by Ormandy.
While the circumstances for the bug’s misuse are limited, these activities are common on the internet and even if they affected a fraction of LastPass’ user base, it would have cost thousands of users their sensitive data. “We quickly worked to develop a fix and verified the solution was comprehensive with Tavis. We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically,” the company added in a blog post.
Credits:
https://www.digitaltrends.com/web/lastpass-password-manager-security-bug-update-credentials/
No comments:
Post a Comment