LastPass

Even password manager LastPass can be fooled. A Google security researcher has found a way to remotely hijack the software.

It works by first luring the user to a malicious site. The site will then exploit a flaw in a LastPass add-on for the Firefox browser, giving it control over the password management software.

[ Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld's Security newsletter. ]

LastPass wrote about the vulnerability on Wednesday and said that a fix is already out for Firefox users.

Google security research Tavis Ormandy first discovered the issue. When examining the password manager, he tweeted on Tuesday, "Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap."

Any vulnerability with LastPass could pose a big risk for users. The popular software is supposed to securely store and autofill all the passwords users have for their different sites.

Ormandy isn't the only security researcher to find flaws with the password manager. On Wednesday, Mathias Karlsson at Detectify Labs said that he had also managed to hack LastPass -- in this case, to steal user passwords.

He did so by exploiting a bug in the password manager's Chrome browser extension, Karlsson
InfoWorld Security

Oct 16 2015   4:45PM GMT

Ken Harthun Ken Harthun Profile: Ken Harthun

Tags:

Thanks! We'll email you
when relevant content is
added and updated.

Following

Follow

LastPass

Thanks! We'll email you
when relevant content is
added and updated.

Following

Follow

Security

Gosh, I’ve been busier than a centipede on a tightwire and now this. The big news last week is that LastPass was purchased by LogMeIn. LastPass is the #1 rated password manager that I have used for years. This caused quite a stir with many of its users, given LogMeIn’s not-favorable reputation after removing free account support from products in 2014 and starting to cross-sell products to increase revenue.

Thanks to an        


Security Corner