July 13th, 2014, 07:38 GMT · By Ionut Ilascu
LastPass informs its users that they need to change the master password for the service if they used bookmarklets before September 2013.
The reason is that they have been notified by a security researcher of a vulnerability regarding this feature, which could be leveraged against a user utilizing the bookmarklet on an attacking site.
The flaw was discovered by Zhiwei Li at UC Berkeley and there are no technical details about how the attack could be carried out.
However, LastPass addressed this issue and says that they have no evidence that the vulnerability was used in the wild.
“If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary,” reads a post from LastPass team.
Full Article
Userlevel 7
Thank you Jasper!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.