Source |
Network World |
Identifiant |
343307 |
Date de publication |
2017-03-22 14:21:49 (vue: 2017-03-22 14:21:49) |
Titre |
LastPass fixes serious password leak vulnerabilities |
Texte |
Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service's users for Google Chrome, Mozilla Firefox and Microsoft Edge.According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user's secure vault.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
access according affected allowed are article attackers browser bug chrome click code commands comment computers copy could description developers discovered edge execute extension extensions fill firefox fix fixes forms full given google have here information inside installed internal lastpass leak leave malicious manager microsoft monday mozilla ormandy out password passwords please popular project push read reported researcher rushed secure security serious service solve steal stored tavis those tracker used user users using vault vulnerabilities vulnerability web zero |
Tags |
|
Stories |
LastPass
|
Notes |
|
Move |
|