
A Password-Exposing Bug Was Purged From LastPass

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal the credentials for the last account the user logged into using the Chrome or Opera extension. The researcher who reported it also described three other weaknesses he found in the extensions: the handle_hotkey routine did not check for trusted events, allowing sites to generate arbitrary hotkey events; a bug that let attackers disable several security checks by placing the string "https://login.streetscape.com" in code; and a routine called LP_iscrossdomainok that could bypass other security checks. "To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times," LastPass representative Ferenc Kun wrote. On the whole, I still recommend most people use password managers unless they devise another technique to generate and store strong passwords that are unique to every account.
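Two of the weaknesses above come down to a substring-based trust check on a URL and a hotkey handler that acts on synthetic events. The following is an added illustration written for this article, not LastPass's code; the function names are hypothetical and the string "https://login.streetscape.com" is used only as an allow-list entry.

```javascript
// Added example: a weak URL trust check beside a hardened one, plus an
// event-trust gate for a hotkey handler. Not LastPass code; names are hypothetical.
const TRUSTED_ORIGIN = "https://login.streetscape.com";

// Weak check: trusts any URL that merely *contains* the trusted string,
// so the string can appear anywhere (path, query, subdomain) and still pass.
function weakIsTrustedUrl(url) {
  return url.indexOf(TRUSTED_ORIGIN) !== -1;
}

// Hardened check: parse the URL and compare the complete origin
// (scheme + host + port). Unparseable input is rejected outright.
function strictIsTrustedUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false;
  }
  return parsed.origin === TRUSTED_ORIGIN;
}

// Hotkey gate: only honour events the browser itself dispatched.
// Page scripts can dispatch their own KeyboardEvent objects, but those
// always carry isTrusted === false, so the handler can tell them apart.
function shouldHandleHotkey(event) {
  return event.isTrusted === true;
}

module.exports = { weakIsTrustedUrl, strictIsTrustedUrl, shouldHandleHotkey };
```

Run the two URL checks side by side on a constructed URL that embeds the trusted string in its query and the weak check passes it while the strict one does not.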
