There is a bug that the last used password leaks to the password manager 'LastPass'
by
It has been reported that the browser extension function of the password manager ' LastPass ' that helps manage multiple IDs and passwords leaks the authentication information of the last used site. LastPass has already released a modified version, and the extension will be updated automatically.
LastPass Bug Reported & Resolved-The LastPass Blog
https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/
1930-lastpass: bypassing do_popupregister () leaks credentials from previous site-project-zero-Monorail
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Tavis Ormandy, a security researcher at Google Project Zero, reported the bug. If an attacker performs clickjacking exploiting a bug, the last site authentication information entered using LastPass may be extracted.
It is said that there was a potential danger due to a bug in the browser extension for Google Chrome and Opera, but just in case, the fix update is distributed for all browsers and the user side has a special operation It is automatically updated without having to. However, if you have turned off automatic extension updates, you must update manually.
Related Posts:
in Security, Posted by logc_nt