summary:
with google authenticator required for logging in to Lastpass, I'm often able to bypass using it, when logging into certain sites (Ebay, google).
Say I'm trying to login to google: I click the little symbol in the name field and the Lastpass window pops up.
I fill in my Lastpass password and (in this browser at any rate) a new tab opens requesting the verification code.
-tomos
^ that was in Iron portable.
I have been able though to reproduce this in Firefox and PaleMoon.
Basically, with google Authenticator required for Laspass:
- open your login page
- click on the little symbol in one of the fields - that will open Lastpass dialogue
- type in your Lastpass password
- google Authenticator dialogue opens - in the back, *sometimes* the login details including password will be filled in already
- close google Authenticator dialogue - Lastpass is not logged in, yet you have gotten logged into your site without filling in google Authenticator
The above flaw has worked for me with gmail and Ebay. Not with dc oddly ;-)
It's possible this is not a problem with Lastpass, but rather with the browser cookie settings. Or the site's cookies.
I was always amazed, that I could just type 'inbox' in the addressbar, select my gmail inbox link - and it would load without requiring a login, no matter what my login settings were for google. This was a problem with (default) cookie settings - but I would still hold google at fault for not changing things from their end.
I cant even find cookie settings in FF 39 :-/
Recent Posts
