Wednesday, August 16, 2017

How can the latest LastPass vulns be mitigated?

Tavis Ormandy, a Google Project Zero researcher, has been a thorn in the side of LastPass for the past year. In 2016, he found multiple vulnerabilities in its software, and in March 2017, he discovered multiple new exploits in the LastPass password management tool that enabled password theft and remote code execution.

LastPass is password manager that creates random passwords, enabling an application/website to auto-fill passwords when possible, and it creates a digital wallet of credentials. This tool improves credential hygiene and limits a user from password reuse. Because of this, LastPass has become a target, and Ormandy's findings have helped the company to improve its security by remediating the LastPass vulnerabilities before they are exploited in the wild. Read more of my article at the link below:

1 comment: