posted this, September 17, 2019.ĭiscovery of LastPass' Chrome software click-jacking flaw on 30th August is credited to Tavis Ormandy a researcher for Google Project Zero. This happens when the end-user presses the enter key on LastPass' "." option viewable inside login fields. Having over 10m end-users LastPass' extension functions to automatically feed passwords into A/C logins. If there's any flaw inside the software, attackers can exploit it for giving away end-users' login credentials provided those end-users go to certain hacker-hijacked website. LastPass in a security advisory has asked end-users to make its Chrome extension up-to-date with respect to the company's password manager. Flaw inside LastPass Chrome extension allows revelation of login credentials
0 Comments
Leave a Reply. |