LastPass fixes a bug that could reveal the last credentials used; critical update




LastPass has fixed a security bug that could have revealed the credentials entered on a previously visited site. For added security, LastPass users should verify that they are running the latest version of the password manager.

On August 29, security researcher Tavis Ormandy discovered the bug and reported it. LastPass then released a patch last week, on Sept. 12. According to LastPass, malicious actors could exploit the bug by luring an unsuspecting user into filling in a password using the LastPass icon and then visiting a compromised website. The user would then have to click several times on the page, which could cause LastPass to reveal the credentials used on the previously visited site. The bug was limited to certain browsers (Chrome and Opera, to be specific), but LastPass says that it pushed the fix to all browsers.


Technically, you do not have to do anything to receive the update. LastPass says that it should be applied automatically to all browser extensions. That said, who has not, on occasion, disabled automatic updates and then forgotten about it? If you are a LastPass user, it is a good idea to manually check that you are running the September 12 update, version 44.33.0.

This bug does not mean that you should give up on password managers. They still play a vital role in good online security hygiene. As with any service, password managers are coded by fallible humans and are therefore likely to have occasional bugs. In this case, Ormandy reported the bug to LastPass via the appropriate reporting channels. There is therefore no reason to assume that the bug was exploited in the wild. This is also a good example of why you should always use multi-factor authentication in addition to a password manager, especially for sensitive accounts.

[ZDNet]
