LastPass Fixes a bug that could let Malicious website Extract your last used Password

LastPass has released details of a vulnerability on the platform that exposed credentials used on a previous website. ZDNet reported that the bug was discovered by a security researcher Tavis Ormandy who is part of Google’s Project Zero project – Google’s elite security and bug hunting team last month. The bug relies solely on executable JavaScript code and needs no user interaction to do its job.

According to Ormandy, an attacker could hide a malicious link behind a Google Translate users, tricking users to visiting the link then he/she can now be able to extract credentials used on the last site.

I think it’s fair to call this “High” severity, even if it won’t work for *all* URLs,” Ormandy wrote in Google’s Project Zero reporting site.

If you use LastPass as your password manager, there is no need to worry now. LastPass stated they have already patched the vulnerability. You are advised to update to the latest version 4.33.0, which was released last week on September 12. The update is both available for Chrome, Firefox, Safari, Edge, Internet Explorer and Opera.

To view your extension version, navigate to your browser extension manager page and tap on LastPass. Below the app’s description, you will be able to see the version as well.

Keep in mind that the researcher has published the details of the security bug already, which guides any malicious actors who want to sniff on your passwords.

Does that make Password Managers Bad?

If you are not using a password manager already, it is still advisable to use one. Although Password managers, just like any other software programs, are also vulnerable to attacks. But from a security perspective, they can save you a lot in your struggles to empress secure and strong passwords.

Follow us on TelegramTwitterFacebookor subscribe to our weekly newsletter to ensure you don’t miss out on any future updates.

Facebook Comments

[TechTrends Podcast] Connectivity in Africa ft Africa Data Centres MD Dan Kwach

Alvin Wanjala

Alvin Wanjala has been writing about technology for over 2 years. He writes about different topics in the consumer tech space. He loves streaming music, programming, and gaming during downtimes.

Have anything to add to this article? Leave us a comment below

Back to top button