![]() The password manager developer has experience with Ormandy after he found another flaw in its code last year that could compromise a punter’s passwords just by visiting the wrong website. This LastPass Hacked issue is a pretty major vulnerability for a company that is supposed to make your passwords MORE secure, not leak them to any malicious site that has also figured out the same stuff Tavis spotted.Īfter advocating password managers for a long time, this is not a good look. A victim must have the binary component of LastPass installed to be vulnerable to this attack. A malicious website could exploit this hole to drop malware on a visiting machine. The script can also be abused to execute commands on the victim’s computer – Ormandy demonstrated this by running calc.exe simply by opening a webpage. The weak LastPass script uncovered by Ormandy can be tricked into granting access to the manager’s internal mechanisms, which is rather bad news. However, due to the discovered vulnerabilities, simply browsing a malicious website is enough to hand over all your LastPass passphrases to strangers. It provides browser extensions that connect to your LastPass account and automatically fill out your saved login details when you surf to your favorite sites. LastPass works by storing your passwords in the cloud. He found that the LastPass Chrome extension has an exploitable content script that evil webpages can attack to extract usernames and passwords. The programming cockups were spotted by Tavis Ormandy, a white-hat hacker on Google’s crack Project Zero security team. Password vault LastPass is scrambling to patch critical security flaws that malicious websites can exploit to steal millions of victims’ passphrases. ![]() It’s a shame Passpack isn’t being updated actively as architecturally it seems like a much better product, the UI is shit though and it’s buggy for managing mass user accounts. ![]() I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a company protecting millions of people. ![]() LastPass Hacked – Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |