Flaws Allowed Hackers to Bypass LastPass 2FA

  • 21 April 2017

By Eduard Kovacs on April 21, 2017
 
Design flaws in LastPass’ implementation of two-factor authentication (2FA) could have been exploited by hackers to bypass the protection mechanism and gain access to user accounts.

Martin Vigo, one of the Salesforce researchers who in November 2015 reported finding several vulnerabilities in LastPass, has once again analyzed the popular password manager, particularly its 2FA mechanism.

The temporary 2FA codes are generated based on several variables, including a secret seed which is typically encoded in a QR code that the user scans with a 2FA app such as Google Authenticator.
 
Full Article

1 reply

Not good, not good... 2FA is old hat (better than nothing but still to be consigned to the archive)... really do not understand why they did not implement 3FA... much safer & robust. :(
