LastPass accounts can be “completely compromised”

A serious LastPass zero-day vulnerability has been found, which can compromise user accounts when they visit a malicious website.

The vulnerability “allows attackers complete access to user accounts in which thousands of passwords are stored”, The Register reported.

Google employee and white hat hacker Tavis Ormandy discovered the security flaw, which he reported to LastPass.

“Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems,” said Ormandy.

According to Ormandy, LastPass is working on the “complete remote compromise” following his report.

More on LastPass

LastPass vulnerable to simple phishing attack

LastPass hacked – you need to change your master password

Latest news

Partner Content

Show comments

Recommended

Share this article
LastPass accounts can be “completely compromised”