Jump to content

Google Finds New Bug in Last Pass


Recommended Posts

Researcher Tavis Ormandy of Google's Project Zero has found his third Last Pass vulnerability this month, and described it as "a major architectural problem." A proof-of-concept exploit was created and sent to Last Pass by Ormandy, who was thanked by the company in a blog post. The exploit "makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program," but Last Pass has declined to "disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties." While password managers are able to help increase security for users by generating different, complex passwords for all of the sites a user visits, they seem to be an increasing target for malicious users.

Source: Ars Technica

Back to original news post

Share this post

Link to post
Share on other sites

  • Create New...