
Google Warns LastPass Users Exposed to Last Password Leak





Google Project Zero is a team of highly talented security analysts with a brief to find zero-day vulnerabilities. When a vulnerability is discovered, Project Zero reports it to the affected vendor and starts a 90-day countdown in which a fix must be issued before full public disclosure. LastPass is also in the security business, as one of the most popular password management solutions, with more than 16 million users, including 58,000 companies. Project Zero has just revealed that a security vulnerability left some of those 16 million users at risk of credential compromise because, in an ironic twist, LastPass could leak the last password used for each website visited.

How can the LastPass password vulnerability be exploited?

In a tweet posted on September 16, Google Project Zero analyst Tavis Ormandy stated that "LastPass may leak the most recently used credentials because of not updating the cache," adding, "this is because you can bypass the popup on the tab's trust cache by including the login form unexpectedly!"

Ormandy reported the vulnerability on August 29, filed as Project Zero issue 1930, showing how previously used LastPass credentials could be exposed on any website under certain circumstances.

Ferenc Kuhn, engineering manager for LastPass at LogMeIn, which owns LastPass, said in an online statement that this "limited set of circumstances in specific browser extensions" could potentially enable the attack scenario described.

"In order to use this error, a series of actions must be taken by a LastPass user, including filling out a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking the page several times," said Kuhn, "any potential exposure due to an error is limited to specific browsers (Chrome and Opera)."

What should you do now?

The answer, thankfully, is nothing. LastPass has already patched the vulnerability, and the fix has been thoroughly verified with Project Zero. Indeed, the fix was introduced on September 13, and Kuhn confirmed that "we have now resolved this error; no user action is required and your LastPass browser extension will be updated automatically."

As a precaution, the LastPass update was deployed for all web browsers, not just Chrome and Opera.

How severe was this vulnerability and should you stop using LastPass?

Let's first deal with the last part of this question: there is absolutely no reason to stop using LastPass, or your preferred password manager for that matter. "Although password managers, like any other software, have drawbacks, the benefits of using one far outweigh the risks," says ethical hacker John Opdenakker. "Your accounts are much more likely to be compromised by attacks that use bad passwords," Opdenakker says, "such as by reusing credentials, than by attacks against password managers themselves."

OK, so how serious was this particular vulnerability? It sure sounds serious enough, right? Project Zero's Tavis Ormandy has classified the vulnerability as "high" in severity. Opdenakker is not so sure it deserves that rating. "I think the most important thing for LastPass is to eliminate this error, which is certainly not critical, within a reasonable amount of time," says Opdenakker, "it's debatable whether it's high or medium because, as Ormandy says, it doesn't work for all URLs."

LastPass Security Recommendations

Ferenc Kuhn said that LastPass continues to recommend the following best practices for added online security:

  • Don't click on links from people you don't know, or that look unusual coming from your trusted contacts and companies.
  • Always enable MFA for LastPass and other services like your bank, email, Twitter, Facebook and more.
  • Never reuse your primary LastPass password and never reveal it to anyone, including us.
  • Use different, unique passwords for each online account.
  • Keep your PC free of malware by running an antivirus program with the latest detection patterns and keeping your software up-to-date.
