Which has never used the services of LastPass, tell you that we are talking about nothing less than one of the most famous platforms to store and manage passwords that use a user for any of your daily chores on the internet. As it has been reported through the official blog of the service, apparently its software developers they have managed to fix two security holes which, apparently and as discussed, they could allow an attacker stole all the passwords for a user with a single click.
Now, this solution had to do trial after an email sent to LastPass by Mathias Karlsson, a researcher who reported one of the bug that does not receive a response from the company, decided to publish the history of it on their website. After the story was published, on LastPass they got to work citing, curiously, that security is a total and absolute priority for the company. At the same time have also published and detailed all the characteristics of errors.
LastPass arranges two failures of security of its platform in record time
For errors that are detected, on the one hand we find a fault arising because the URL parsing code was defective. Precisely because of this bug an attacker could use LastPass Keychain credentials on fraudulent websites, with the ability to steal the keys to the main service online for simple and, literally, in record time.
Secondly, apparently there was a bug in Firefox LastPass extension in such a way that an attacker could attract the victim to a malicious web site and, once there, page could perform actions on the application in the background while the user to give account of this.
