LastPass browser extension issues
6/27/2023

A hacker could have accessed “obviously bad” LastPass commands

On Monday, Google researcher Tavis Ormandy reported the vulnerability in the popular password management tool. In an outline of the problem, Ormandy explains that a coding flaw allowed anyone to “proxy” unauthenticated messages to a LastPass browser extension. By exploiting the problem, a hacker could obtain access to privileged LastPass commands - including “the obviously bad ones,” such as “copying and filling in passwords (copypass, fillform, etc).”

LastPass, in a short blog post released today, explained that the issue was related to an experimental feature on all LastPass browser clients. The company issued a fix before the vulnerability was publicly revealed, and says updates for users should be applied automatically. (Ormandy reported multiple vulnerabilities, although the company said they are “largely the same.”) LastPass is not currently asking users to update any passwords.