LastPass Seems To Have A Security Problem

The news is out that password manager LastPass has some critical security flaws that allow malicious websites to steal passwords. The first flaw was spotted by Tavis Ormandy of  Google’s Project Zero security team. He found that the LastPass Chrome extension has an exploitable content script that webpages can exploit to extract usernames and passwords. The good news is the LastPass folks quickly fixed this exploit. The bad news is that Firefox users are not immune as a similar exploit was found in an extension for that browser:

There is apparently a fix for this on the way. On top of that, LastPass is recommending that you move to version 4.x of their Firefox extension. However, before you do, you might want to read this from Mr. Ormandy:

It really seems that LastPass has some serious holes in it at present. Hopefully this all gets patched quickly. But you may want to consider moving to another password manager if you feel the least bit insecure.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: