Critical LastPass security hole would allow hackers to steal your passwords
LastPass, the online service that keeps your passwords safe behind one master password, is currently not nearly as secure as it should be.
According to Google's vulnerability researcher Tavis Ormandy, there's at least one unpatched vulnerability in LastPass that allows attackers to steal passwords "from any domain."
Ormandy recently reported a few other LastPass bugs, including vulnerabilities in the LastPass add-ons for Firefox and Chrome.
I found another bug in LastPass 4.1.35 (unpatched), allows stealing passwords for any domain. Full report will be on the way shortly. pic.twitter.com/9VkV7R3vud
— Tavis Ormandy (@taviso) March 21, 2017
One security vulnerability, described in detail by Ormandy here, not only allows an attacker to steal passwords but, in certain circumstances, can also be used to run arbitrary code on the victim's computer.
On Tuesday, LastPass announced that that particular issue has been resolved, but on Wednesday, the company acknowledged that there is an unpatched bug in its Firefox add-on.
The issue reported by Tavis Ormandy has been resolved. We will provide additional details on our blog soon.
— LastPass (@LastPass) March 21, 2017
We are aware of reports of a Firefox add-on vulnerability. Our security is investigating and working on issuing a fix.
— LastPass (@LastPass) March 22, 2017
Replying to a commenter on Tuesday's tweet, LastPass said that users needn't do anything at this point. However, the company still hasn't published anything on its official blog regarding these new security holes.
While no software is safe from security holes, vulnerabilities that affect password managers such as LastPass are particularly worrisome, as these services safeguard users' entire password collections. Especially when they come in droves, as they do these days.
This is not the first serious security issue LastPass has encountered. The service got hacked in 2011 and again in June 2015. And in 2013, a bug caused some users' Internet Explorer passwords to get exposed to the public.
UPDATE: March 22, 2017, 6:52 p.m. CET LastPass responded to our query by pointing us to their freshly published blog post, here. In the post, the company says it has worked with Ormandy to investigate and fix these vulnerabilities. The company claims it has fixed all issues now, and patches will be applied automatically for most users. According to LastPass, there is no indication that any of these vulnerabilities were exploited in the wild. The company vowed to provide a more comprehensive overview of these vulnerabilities, as well as its efforts to fix them and prevent further issues, in the future.