A serious LastPass zero-day vulnerability has been found, which can compromise user accounts when they visit a malicious website.
The vulnerability “allows attackers complete access to user accounts in which thousands of passwords are stored”, The Register reported.
Google employee and white hat hacker Tavis Ormandy discovered the security flaw, which he reported to LastPass.
“Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems,” said Ormandy.
According to Ormandy, LastPass is working on the “complete remote compromise” following his report.