Multiple LastPass Vulnerabilities Discovered Recently
« on: March 21, 2017, 07:48 PM »
I (mostly) stopped using LastPass a couple years ago for reasons unrelated to this, but it seems multiple password-leaking vulnerabilities (and other dangerous exploits) have been discovered recently:
LastPass works by storing your passwords in the cloud. It provides browser extensions that connect to your LastPass account and automatically fill out your saved login details when you surf to your favorite sites.
However, due to the discovered vulnerabilities, simply browsing a malicious website would be enough to hand over all your LastPass passphrases to strangers. The weak LastPass script uncovered by Ormandy could be exploited by tricking it into granting access to the manager's internal data. It can also be potentially abused to execute commands on the victim's computer – Ormandy demonstrated this by running calc.exe simply by opening a webpage.
Even though I no longer use LastPass for new passwords, my account still has many old passwords I haven't updated in a while, and I have kept the extension installed because of that, since it seems to work more reliably than the extension for the password manager I switched to. So maybe it's time for me to fully ditch LastPass.