LastPass bug could expose your passwords2019-09-17 16:28 by Daniela
Tags: LastPass, security, bug
Password manager LastPass has an exploit that could be abused to reveal a user's credentials. The bug was initially spotted and reported by security researcher Tavis Ormandy on August 29. LastPass then issued a fix last week on September 12.
According to LastPass, malicious actors could exploit the bug by luring unsuspecting users to fill a password using the LastPass icon, then visit a compromised website. The user would then be tricked into clicking on the page several times, which in turn could result in LastPass revealing the credentials used for the previously visited site. The bug was limited to certain browsers—Chrome and Opera, to be specific—but LastPass says it sent the fix to all browsers.
The company notes that "no user action is required and your LastPass browser extension will update automatically," but it's always a good idea to make sure that automatic update made its way to you.
To check, click the three dots at the top right side of Chrome and then select More Tools followed by Extensions. From there, scroll down until you see LastPass, click the Details button and then hit "Update" to manually update the extension to the latest version.
The downside to password managers is that if or when they fail, the results can be severe. It's not unusual for some people to use password managers to store hundreds of passwords, some for banking, 401k, and email accounts. In the event of a password-manager hack, there's the risk that the credentials for multiple accounts can be exposed. On the whole, I still recommend most people use password managers unless they devise another technique to generate and store strong passwords that are unique to every account.
Read more -here-