 | |
| |
| 01 Mar 2011 | #1 |
| | LastPass XSS vulnerability found LastPass XSS vulnerability found, website and browser add-ons affected (updated) Quote: Mike Cardwell, the Stallmanite who recently discovered a fantastically covert way of working out which Web services you're currently logged in to, has found a nasty XSS vulnerability in the LastPass password manager. The cross-site scripting (XSS) vulnerability not only allows nefarious types to see which sites you've recently logged in to, but it also provides access your email address and password reminder. Quote: Update: LastPass has now implemented HSTS and a few other features to make their website and browser add-ons a lot harder to attack in the future. Cross Site Scripting vulnerability reported, fixed Quote: While no client data was impacted, we were notified at ~3pm Eastern time yesterday of a non-persistent cross site scripting vulnerability on the LastPass.com website. By 5:30pm it was fixed, tested and deployed; closing the hole. It's important to note that this was not a flaw with the extensions, and could only be potentially exploited if you visited a malicious site that was setup to exploit this flaw while you were logged into LastPass. A Guy |
My System Specs | |
 |
LastPass XSS vulnerability found problems?
| Thread Tools | |
| Similar help and support threads for: LastPass XSS vulnerability found | ||||
| Thread | Forum | |||
| Zero-day vulnerability found in Adobe X | Security News | |||
| Zero day vulnerability found in Windows MHTML renderer | Security News | |||
| LastPass Acquires Xmarks! | Chillout Room | |||
| Decade-old vulnerability found in Windows | News | |||
| Critical vulnerability found in Adobe Flash Player | News | |||
All times are GMT -5. The time now is 01:59 PM.
