LastPass recommends opening sites directly from the Vault after new vulnerability


LastPass is working to close a newly found vulnerability in its browser extension. Until the issue is fixed, the company recommends opening saved sites directly from the locally stored LastPass Vault rather than via autofill. The vulnerability was found by a Google researcher.

The LastPass extension can auto-fill passwords for various services, but LastPass recommends against using this feature until a vulnerability in the code is fixed. Users must log in by going to the Vault and clicking on the sites where they want to log in. According to the service, this is the safest way. Autofill can be turned off via the "Automatically fill log-in information" option in the preferences.

Google security researcher Tavis Ormandy had already announced that he had encountered a vulnerability that allowed him to execute code within LastPass 4.1.43. He managed to develop an exploit and provided the details to LastPass, which reports on its blog that it is working to close the vulnerability. LastPass further recommends the use of two-factor authentication with any service that offers this option and warns users to be aware of phishing attacks.

It is yet another LastPass vulnerability reported in a short time by Google Project Zero employee Ormandy. The password management service usually responds quickly to his reports.
