LastPass Vulnerabilities Revealed: Here is How to Stay Safe

Prayank

One of the most popular Password managers LastPass is facing severe issues with its browser extensions as multiple vulnerabilities were revealed with the service over the past week, and they still persist.

LastPass

Technology is ever evolving, and although it’s meant to enhance our lifestyle, sometimes it can even be damaging in case certain bugs are exploited, especially when a service such as LastPass, which are responsible for safeguarding tens of millions of passwords, is concerned.

Last week, on March 20, Tavis Ormandy, a researcher at Google’s Project Zero, uncovered two bugs in LastPass’ browser extensions which made users vulnerable to remote code execution.

The revealed vulnerabilities affected both business and personal users of the service.

Vulnerabilities Revealed Over the Past Week?

March 20: Tavis Ormandy finds two Remote Code Execution (RCE) vulnerabilities that were affecting LastPass’ browser extensions — potentially enabling an attacker to steal passwords.

March 21: LastPass acknowledges Ormandy’s report and confirms that the vulnerabilities exist and their team will be working to fix them.

March 22: The company announces that they’ve released new versions of Chrome (v 4.1.43) and Firefox (v 4.1.36) browser extensions with security updates in place.

They also mentioned that no data was compromised in between this period and users do not need to worry about changing their credentials. Updated versions of Microsoft Edge and Opera browser extensions will be released pending company approval.

March 25: Tavis Ormandy uncovers another vulnerability faced by the updated version of the Google Chrome browser extension (v 4.1.43). LastPass acknowledges the vulnerability in an update of their March 22 announcement.

March 27: LastPass issued a statement,”We are not actively addressing the vulnerability. This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties.”

How to Stay Safe?

Vdovichenko Denis / Shutterstock.com

Currently, LastPass has confirmed that it is working to fix the security issues with their service and a full fix can be expected soon. In the meantime, it’s recommended for LastPass users to heed to the following precautions.

  • To safeguard their login credentials, users are recommended to disable the browser extensions in the meantime and launch websites directly from the LastPass Vault until the vulnerabilities are resolved by the company.
  • Turn on Two-Factor Authentication for all the accounts that offer the option, giving your account an added layer of security in case the vulnerability is exploited by an attacker.
  • Be on a lookout for phishing attacks. Do not click on links from untrusted sources — people you don’t know
Looking for alternatives to LastPass? Check out the top 3 alternatives here.

Also See
#lastpass #password

Join the newsletter

Prayank

Written By

Prayank

Bike enthusiast, traveller, ManUtd follower, army brat, word-smith; Delhi University, Asian College of Journalism, Cardiff University alumnus; a journalist breathing tech these days.