LastPass 4.1.43 Vulnerability: Password Manager Users Should Take Precautions As It Fixes Security Flaw
After issuing several quick fixes to vulnerabilities last week, password manager LastPass has given users several precautionary steps to take as the company works to patch new exploits discovered over the weekend.
The latest bug, spotted by Google Project Zero researcher Tavis Ormandy, affects the most recent version of LastPass for Google Chrome. In a blog post, LastPass acknowledged the issue and said, “we are now actively addressing the vulnerability.”
Details of the vulnerability itself are sparse; neither Ormandy nor LastPass is revealing much until the problem is fixed. However, the issue has been described as being client-side and LastPass described the potential attack as “unique and highly sophisticated.”
The password manager service also suggested its users take three precautions in order to protect themselves from client-side issues.
First, LastPass recommended its subscribers use LastPass Vault—the page that contains all a user’s information—as a launch pad to open sites directly rather than using the browser extension.
LastPass also advised its users to make sure they use two-factor authentication whenever possible. Doing so adds an extra security check before allowing a user to log in to a site by requiring them to verify their login attempt was real. This often requires a second device that will receive a temporary code to log in with.
Finally, LastPass warns users to keep an eye out for phishing attacks. The email-based attacks are still surprisingly common and effective, as all it takes is clicking one wrong link to accidentally surrender a considerable amount of access to your accounts.
LastPass has had a rough couple of weeks when it comes to reported vulnerabilities. Ormandy pointed out two issues to the company last week that affected the browser extensions for Google Chrome and Mozilla Firefox.
Those issues were patched nearly immediately—in less than 24 hours—and automatic updates were pushed to users to ensure they were not at risk. “Very impressed with how fast LastPass responds to vulnerability reports. If only all vendors were this responsive,” Ormandy said in a tweet.
© Copyright IBTimes 2024. All rights reserved.