
LastPass Password Manager Fixes Major Flaw | Hacker Nucleus

LastPass has advised its users to avoid using its plugins while it works to fix a major vulnerability that could allow hackers to steal passwords or run code.

The hole in the system was discovered by a security researcher at Google, who informed the company of its existence in accordance with responsible disclosure norms, without publicly stating how the bug is exploited. As a result, the password manager firm warned its users, saying that it was actively addressing the vulnerability, which appeared to be “unique and highly sophisticated”. Since the company didn’t want to disclose anything specific about the flaw or its fix, users can expect a more detailed explanation after the bug is fixed.

LastPass listed 3 steps that users could take in order to keep themselves safe: launch websites directly from the LastPass Vault, use two-factor authentication, and beware of phishing attacks.

The Google security researcher who discovered the flaw has been focusing research efforts on LastPass for some time now within the framework of his work with Google’s Project Zero. The latter is a side project of Google devoted to finding and reporting security flaws in other companies’ products. A week earlier, LastPass had already issued a fix for a pair of issues reported by the Project Zero security researcher.

However, despite the existence of vulnerabilities in password managers like LastPass, security experts still recommend using them. In fact, password reuse is considered a more pressing security issue for the majority of users than a targeted hack: the statistics show that data breaches occur far more often than such attacks. This is why anything that prevents the damage from spreading beyond the affected website is very important. It is clear that the vast majority of people can’t remember enough unique, strong passwords for each website they use.

On the other hand, some security researchers have concerns over password manager usage. For example, Microsoft researchers from Carleton University in Canada argued three years ago that password managers introduce a single point of failure, because users not only can be hacked but can also simply lose or forget the password to the manager.


