

A series of flaws, bad security practices and design issues exposed the passwords of LastPass users to various types of attacks, researchers have demonstrated.

LastPass is a popular single-sign-on (SSO) and password management service that is reportedly used by more than 10,000 organizations. LastPass’ features and design should in theory make it difficult for an unauthorized party to gain access to passwords, whether they are trying to obtain the information from the user or from the company’s systems. LastPass says it has no access to user data and boasts features such as local and secure encryption, secure encryption keys, and secure storage.

However, in a presentation last week at the Black Hat Europe security conference, Salesforce researchers Alberto Garcia Illera and Martin Vigo disclosed a series of bugs and design flaws that could have been exploited to attack LastPass via various vectors.

Last year, Illera and Vigo demonstrated a method that could be used to obtain the master LastPass password on systems where the “remember password” option was enabled. The experts continued to analyze the password manager in an effort to find methods that can be used to hack LastPass from the client side, the server side, and from the outside.

Fortunately, LastPass addressed most of the issues shortly after they were reported by the experts.
