LastPass Gets Outed And Immediately Fixes Vulnerability That Leaks Your Password
Reports of online vulnerabilities have become somewhat of a daily occurrence with malicious individuals employing dubious tactics to get your most personal data.
It is because of this we recommend Password managers as your best possible defense against the unending onslaught of internet pirates.
Password Managers do play a set of important roles. Not only are they guardians of the keys to our treasured online credentials, but not also facilitate the usage of strong, sometimes unbreakable passwords.
However, things could get a little dicey if the platform supposedly tasks with managing your passwords suddenly starts leaking them randomly on sites your visited, secure or otherwise.
This was the situation that befell one of the leading password manager platforms, LastPass and you know its really bad when a Google Project Zero analyst posts a tweet like this outlining the issue
“LastPass could leak the last used credentials due to a cache not being updated. This was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!”
Part of an elite group of talented cybersecurity experts, Tavis Ormandy and colleagues are important pillars of Google’s Project Zero and are tasks to uncover zero-day vulnerabilities by sniffing through code that makes up products and services offered to users through the internet.
During occasions where vulnerabilities are detected, the team immediately reports the issue to the vendor concerned — in this case LastPass– and starts a 90-day countdown for a fix before the general public is informed.
LastPass was found to have an issue that put the personal information of all its 16 million clients at risk but Ferenc Kun, the security engineering manager for LastPass argued the issue was a little overstated by the Project Zero team saying
“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times.”
The issue has long been patched by Lastpast with the fix collaborated by the team that discovered it.
However, Ferenc Kun listed some pointers to help you stay safe while online
- Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
- Always enable Multi-Factor Authentication (MFA) for LastPass and other services like your bank, email, Twitter, Facebook, etc.
- Never reuse your LastPass master password and never disclose it to anyone, including us.
- Use different, unique passwords for every online account.
- Keep your computer malware-free by running antivirus with the latest detection patterns and keeping your software up-to-date.
Do you still trust online security vendors like LastPass with your passwords even after the current development? Share your thoughts in the comments.