LastPass Password Manager exposed a major vulnerability please upgrade your Firefox add-ons-bug warning-the black bar safety net

ID MYHACK58:62201677380
Type myhack58
Reporter 佚名
Modified 2016-07-29T00:00:00


Focus on finding vulnerabilities a security researcher, has discovered well-known online Password Manager LastPass is a potential risk that an attacker can take the contact to the user's online account. Fortunately, LastPass has fixed this allow an attacker remote access to the millions of accounts of so-called“zero-day”, is said user access to a specific malicious site will be caught. The Register noted that the white hat researcher Tavis Ormandy took the lead confirmed this problem. ! In fact, more than LastPass, the any cloud password storage services are at risk. Ormandy, in a tweet wrote that he had to LastPass sent a complete report, the next will continue to work for its competitor 1Password Password Manager vulnerabilities. ! Ormandy and LastPass are not revealed about the vulnerability or report details. 【Update】a LastPass spokesperson confirmed that the company reviewed the Ormandy of the report soon after repairing the vulnerability, in a blog post gives a description and recommended users update. The blog post confirmed Ormandy, Google security team one of the researchers, this‘message injection bug’will affect the LastPass Firefox add-ons. ● First, the attacker needs to successfully lure a LastPass user to a malicious website. ● Then, Ormandy demo of the website will not be user aware of the case to perform LastPass operations such as delete some of the entries; and● however, the problem has been thoroughly repaired, and to all use LastPass 4.0 of the Firefox user to push the update