Think you've had a rough week? A LastPass employee accidentally deleted the password manager's browser extension from the Chrome store.

Reports of 404 errors came rolling in on Wednesday, after a number of users found they were unable to install the browser extension through the Chrome Web Store. It took the password manager company five hours to figure out that the problem had originated in its own office.

A member of staff had accidentally deleted the extension from the Google Chrome store.

“The LastPass extension in the Chrome Web Store was accidentally removed by us and we are working with the Google team to restore it ASAP.” wrote LastPass on its status page on Wednesday evening. “Thank you for your understanding and patience in the meantime.”

After apologising to users, LastPass was forced to go through the Chrome Web Store's submission process all over again. The tool was down for two days while awaiting review by Google.

Luckily, only users downloading the LastPass extension for the first time were affected by the outage. This meant that users who had previously installed the extension were able to continue using the tool to access their passwords as usual. LastPass also reassured users that the web vault, mobile app and extensions in non-Chrome browsers – including Firefox, Microsoft Edge, non-Chromium based versions of Microsoft Edge and Opera – would not be affected by the Chrome Store removal.

The LastPass Chrome extension was restored and made available to download last night:

“The LastPass Chrome extension has been restored. Our apologies for any inconveniences caused, and thank you for your understanding and patience.” the company announced.

Despite this week's shambles, LastPass is one of the most popular password managers out there.

“LastPass is a powerful and easy-to-use tool, and provides an exceptional range of features – even in its free tier. Even its Premium subscription is low cost and provides convenient syncing to every device you own. We particularly liked being able to manage everything from its browser plugin on the desktop, making LastPass our password manager of choice.”

Flaw inside LastPass Chrome extension allows revelation of login credentials

LastPass, in a security advisory, has asked end-users to update the Chrome extension for the company's password manager. A flaw in the software can be exploited by attackers to reveal end-users' login credentials, provided those end-users go to a hacker-hijacked website. With over 10m end-users, LastPass' extension automatically fills passwords into account logins. This happens when the end-user presses the enter key on LastPass' "." option viewable inside login fields. posted this, September 17, 2019.

Discovery of LastPass' Chrome software click-jacking flaw on 30th August is credited to Tavis Ormandy, a researcher for Google Project Zero. He is a member of the white-hat team of hackers that concentrates on detecting flaws within software, according to ZDNet. Click-jacking involves tricking an end-user into clicking on a disguised element, inadvertently leading to disclosure of secret information or even compromise of the device. LastPass admits the flaw is exploitable with several actions on the part of the LastPass end-user: filling in a password using the LastPass icon, then going to a malware-ridden or hijacked website, and eventually getting tricked into making several clicks on that site. Ormandy notified LastPass prior to making the flaw publicly known. This helped the company, famous for its password manager, to patch the software flaw and release updates for the benefit of end-users.