Ghacks regulars know that I'm a big supporter of the free cloud-based password manager LastPass. The program is available for popular web browsers and mobile devices, and offers many comfortable password and login related features. This includes online password management, one-click logins, user profiles to fill out forms faster, a secure password generator and more.
A cross-site scripting vulnerability was recently discovered by a security researcher on the LastPass.com website. The potential to exploit the vulnerability was limited, as it required a specially prepared website and a user who was logged into LastPass.
The developers stated on the official LastPass blog that the logs did not indicate that the vulnerability was successfully exploited, other than by the security researcher who discovered it.
The vulnerability has been fixed and, as a consequence, security has been improved on the LastPass website. The developers list four areas of improvement:
The LastPass blog offers links to several of the concepts and technologies that have been added or implemented as a reaction to the discovered vulnerability.
LastPass users who would like to take a look at the original article can do so here. It details the security researcher's methodology and is a good read for security-interested computer users.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.