July 13th, 2014, 07:38 GMT · By Ionut Ilascu
LastPass informs its users that they need to change the master password for the service if they used bookmarklets before September 2013.
The reason is that they have been notified by a security researcher of a vulnerability regarding this feature, which could be leveraged against a user utilizing the bookmarklet on an attacking site.
The flaw was discovered by Zhiwei Li at UC Berkeley and there are no technical details about how the attack could be carried out.
However, LastPass addressed this issue and says that they have no evidence that the vulnerability was used in the wild.
“If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary,” reads a post from LastPass team.
Full Article
LastPass Notifies of Password Change
Userlevel 7
+54
Userlevel 7
Thanks for sharing this Jasper. I didn't use bookmarklets.:)
Userlevel 7
Thank you Jasper!
Userlevel 7
+56
I read that over the weekend. Glad to hear they fixed the security holes. They did say they were so obscure that the likelyhood that anyone was affected was vanishly small, but good to have the holes plugged all the same.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.