LastPass recommends opening sites directly from the Vault after new leak

Spread the love

LastPass closes a newly found vulnerability in its browser extension. The company recommends opening saved sites directly from the locally-stored LastPass Vault and not via autofill in the run-up to fixing the issue. The leak was found by a Google researcher.

The LastPass extension allows auto-filling of passwords for various services, but LastPass does not recommend doing this until a vulnerability in the code is fixed. Users must log in by going to the Vault and clicking on the sites where they want to log in. According to the service, this is the safest way. Autofill can be turned off via the Automatically fill log-in information option in the preferences.

Google security researcher Tavis Ormandy already made known encountered a vulnerability that allowed him to execute code within LastPass 4.1.43. He managed to develop an exploit and provided the details to LastPass, which reports on its blog that it is working to close the vulnerability. LastPast further recommends the use of two-factor authentication with any service that offers this option and warns users to be aware of phishing attacks.

It is yet another LastPass leak in a short time that Google’s Project Zero employee Ormandy brings forward. The password management service usually responds quickly to its notifications.

Facebook Notice for EU! You need to login to view and post FB Comments!
You might also like