Results 1 to 1 of 1
Threaded View
-
13th Jul 2014, 01:49 PM #1
LastPass Notifies of Password Change
LastPass informs its users that they need to change the master password for the service if they used bookmarklets before September 2013.
The reason is that they have been notified by a security researcher of a vulnerability regarding this feature, which could be leveraged against a user utilizing the bookmarklet on an attacking site.
The flaw was discovered by Zhiwei Li at UC Berkeley and there are no technical details about how the attack could be carried out.
However, LastPass addressed this issue and says that they have no evidence that the vulnerability was used in the wild.
“If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary,” reads a post from LastPass team.
Bookmarklets are a kind of bookmarks that can execute code on the visited, and they can be used to securely access information in the LastPass account when a LastPass plugin cannot be used.
Zhiwei also reported another security flaw, which would allow an attacker to use the LastPass username of a potential victim to create a fake OTP (one-time password) code.
This could be used in a targeted attack because the criminal should know the username of the victim’s account in order to compromise it. Also, even if the attack would be successful, the company says that “the attacker would still not have the key to decrypt user data.”
“Zhiwei only tested these exploits on dummy accounts at LastPass and we don't have any evidence they were exploited by anyone beyond himself and his research team. The reported issues were addressed immediately,” the blog post says.Kepler Reviewed by Kepler on . LastPass Notifies of Password Change http://i1-news.softpedia-static.com/images/news-700/LastPass-Notifies-of-Password-Change.jpg LastPass informs its users that they need to change the master password for the service if they used bookmarklets before September 2013. The reason is that they have been notified by a security researcher of a vulnerability regarding this feature, which could be leveraged against a user utilizing the bookmarklet on an attacking site. The flaw was discovered by Zhiwei Li at UC Berkeley Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Personal Opinion of AP Changing
By _Vick in forum General DiscussionReplies: 0Last Post: 27th Jan 2012, 11:34 AM -
Web-hosting service DreamHost warns users of password hack
By Bharat in forum News & Current EventsReplies: 0Last Post: 22nd Jan 2012, 06:24 AM -
Will URL of links change if we transfer forum to other host?
By vorazeal in forum Webmaster DiscussionReplies: 1Last Post: 28th Sep 2010, 05:43 PM -
Password: Change it
By el_jentel1 in forum News and AnnouncementsReplies: 0Last Post: 8th Jun 2010, 12:36 AM
themaCreator - create posts from...
Version 3.24 released. Open older version (or...