LastPass Password Manager Leaves User’s Passwords at Risk

A Google Project Zero researcher has found a host of issues with LastPass.

On their homepage, LastPass promises to “lock your passwords in a vault”. They go even further to promise, “Not only is your vault locked with a password that’s never shared with LastPass, we use bank-level encryption to scramble your data for secure transfer and storage. We go beyond industry standards to keep your data safe.” Unfortunately, their promises aren’t currently holding true.

Google Project Zero researcher Tavis Ormandy has discovered a host of security vulnerabilities within the software. LastPass previously closed a remote code execution vulnerability within their Chrome extension, however several issues still remain within it’s Firefox extension. Not only that, there is yet another vulnerability which has yet to be revealed, but allows the theft of user’s passwords. …

Source: LastPass Password Manager Leaves User’s Passwords at Risk – UTB Blogs


Leave a Reply