LastPass bug leaves user credentials vulnerable

LastPass logo

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension.

Long story short, a Google Project Zero researcher found it possible to steal the details of the last account a user logged into from a website being viewed in Chrome or Opera.

The vulnerability was reported to LastPass who patched the problem immediately.  Version 4.33.0 of the company’s browser extension includes the fix and whilst it should upgrade automatically it might be wise to double check. Especially now the vulnerability has been made public.

Source: Password-exposing bug purged from LastPass extensions | Ars Technica

Reckoner had its humble beginnings way back in June of 2013.

Founded by James Croft, along with Peter Wells and Anthony Agius they created what would go on to become one of Australia’s most highly regarded and award winning independent tech blogs.

With its uniquely Australian voice Reckoner is committed to offering a “no-holds-barred” approach to its writing. Beholden to no one but its audience. Reckoner’s goal is to remain completely transparent and honour the trust it’s built with its faithful readership.

Support Reckoner!
Thanks for stopping by. It looks like you're really enjoying the content so why not help a brother out and pitch in for a coffee.

Your support makes all the difference!