Home >> News >> Reported LastPass Security Flaws Put Us at Risk

Reported LastPass Security Flaws Put Us at Risk


LastPass security flaws have recently been disclosed, and users are rightfully concerned. The service is a widely used password manager, and up until now, there were no reasons for concern. However, a security researcher has revealed that LastPass has weak spots that make it a target for hackers.

The LastPass security flaws have been pointed out by Tavis Ormandy, a renowned information security engineer, that tweeted his finding on July 27. Ormandy’s tweet reads “Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I’ll send a report asap”.

<

Reported LastPass Security Flaws Put Us at Risk

Tavis Ormandy showed revealed how attackers could lure users to a malicious website through a message-hijacking bug that up until now affected the password manager’s addon. Once entering entered the website, it could have executed  LastPass actions without the individual’s knowledge.

Other experts were quick to question Ormandy’s discoveries and also admonish him for posting the issue on Twitter instead of  just privately informing the company. Some, however, have jumped to defend the security engineer by saying that public warnings are of use.

Following the disclosure of LastPass’ vulnerabilities, the software development company announced it had fixed the flaws in less than 24 hours after the worrying tweet. LastPass reported that the uncovered security issues had been identified and resolved, and thanked Ormandy for its work. The company assures its customers that their private information is safe from hackers.

LastPass also said that the problem only targeted Firefox users and people using other browsers do not need to take any action. The company has pushed a fix for Firefox users that are using LastPass 4.0.

“As always, we appreciate the work of the security community to challenge our product and ensure we deliver a secure service for our users. More information on these fixes will be posted here shortly” said LastPass through a recent blog post.

The company has also listed a few recommendations for its community members. Users are advised to use a different password for each of their online accounts and make sure it is a strong one, to beware of pishing websites, run and update an antivirus, and use two-factor authentication. In the meanwhile, the company will continue to work on providing an even more secure product.

IMAGE SOURCEslashgear.com


About Bhanu Jamwal

bhanu@thenextdigit.com'
Living in Aldine, TX, he writes about Mac, iOS, Android and IT Hardware. Apart from writing on The Next Digit, he is also an expert in providing valuable seminars on IT Peripherals and IT Security. All posts by Bhanu

Fatal error: Uncaught Exception: 12: REST API is deprecated for versions v2.1 and higher (12) thrown in /home/nitin198/public_html/wp-content/plugins/seo-facebook-comments/facebook/base_facebook.php on line 1273