LastPass fixes security flaw in a LastPass add-on for Firefox

LastPass fixes security flaw in a LastPass add-on for Firefox

On Wednesday, password manager LastPass said that it has rolled out an update to fix a security flaw in a LastPass add-on for the Firefox browser.

The security flaw which has been fixed by LastPass in an add-on for the Firefox browser was uncovered by Tavis Ormandy, a well-known Google Project Zero information security engineer. The flaw could potentially be exploited by hackers to remotely hijack the password management software.

When Ormandy discovered the security flaw in a LastPass add-on for the Firefox, he said – while examining the password manager – in a Twitter post on Tuesday: "Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap."

The security flaw, which LastPass has now fixed for Firefox users, works by first alluring the users to a malicious site, thereby enabling hackers to exploit the flaw in a LastPass add-on for Firefox, for remotely gaining control over the password management software.

In reference to the now-patched security flaw, LastPass spokesperson told SearchSecurity: "As always, we appreciate the work of the security community to challenge our product and ensure we deliver a secure service for our users."

Tags: 

Health