11/22/2023 0 Comments LastpassextensionThankfully, LastPass has already fixed the issue within its Chrome extension by disabling. It seems that all one needed to exploit the vulnerability was two simple lines of JavaScript code. There are hundreds of internal LastPass RPCs, but the obviously bad ones are things copying and filling in passwords (copypass, fillform, etc)," Ormandy added in his report. "This allows complete access to internal privileged LastPass RPC commands. The vulnerability made it dangerous for users to even browse a malicious website as all your passwords could have been picked up by attackers. Since LastPass works by storing passwords in the cloud, the browser extension is your link to the LastPass account, helping you save new information as you browse the Internet. This is clearly a mistake," Ormandy writes. "This script will proxy unauthenticated window messages to the extension. It could also be pushed to execute commands on the victim's computer, which the Google hacker demonstrated easily. According to Ormandy, the extension had an exploitable content script that could be attacked to extract passwords from the manager. The white hat found the issue within the LastPass Chrome extension. ![]() At least that's the opinion of Google's Tavis Ormandy, security expert who has detected numerous problems over the years, including the recent Cloudflare incident. ![]() This wasn't even some very complicated problem, but rather a coding error. Thankfully, the company has already patched things up. LastPass, the password vault that you were supposed to trust with your information, was affected by a critical security flaw.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |