News

LastPass closes vulnerability in 2fa app for Android

By admin
Spread the love

LastPass has closed a security hole in the LastPass Authenticator app for Android. The 2fa codes could be read by creating a shortcut to another part of the app and then navigating with the back button to the page with the codes.

Normally, this 2fa app also needs to be logged in with a pin or a fingerprint, provided that the user activates this. However, this relatively simple trick, which could also be performed by a rogue app, bypasses this completely and bypasses one of LastPass’ security components.

Security researcher ‘Dylan.m’ made a post on Medium on December 24 about the flaw, long after he himself reported it to LastPass in June. According to his timeline, the developer confirmed that the problem existed, but they could not give a time indication of when the creator would fix this problem. On December 8, he even announced that he was going to make the information public, to which LastPass would not have responded. Finally, on December 28, an update was pushed for the app and the leak was closed.

LastPass is a digital online vault where users can store their usernames and passwords. These are then encrypted with a single “master password” that allows users to access everything; the so-called ‘last password they need to remember’. The service is available in the form of browser extensions and an Android and iOS app.

LastPass has suffered from security vulnerabilities in the past.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Brave sells web content as data for AI training

News

Xbox Community CEO Larry ‘Major Nelson’ Hryb is leaving Microsoft after…