{"id":1622,"date":"2017-03-22T13:49:03","date_gmt":"2017-03-22T17:49:03","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=1622"},"modified":"2017-03-22T13:49:03","modified_gmt":"2017-03-22T17:49:03","slug":"ormandy-lastpass-vulnerabilities","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/","title":{"rendered":"Researcher Reveals Critical LastPass Vulnerabilities"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1623 size-full\" title=\"LastPass Critical Vulnerabilities in Chrome and Firefox\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg\" alt=\"lastpass-vulnerabilities\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities-300x131.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities-768x336.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities-600x263.jpg 600w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities-180x79.jpg 180w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\">A vulnerability in popular password manager LastPass could have exposed users passwords to malicious websites, according to reports from a respected security researcher.<\/p>\n<p style=\"text-align: justify\">LastPass offers web-based password manager and password vault capabilities via a freemium model. The company was purchased by LogMeIn for $110 million in 2015.<\/p>\n<p style=\"text-align: justify\">On Monday, Tavis Ormandy, a white-hat hacker on Google&#8217;s Project Zero security research team revealed a content script that could potentially let malicious sites proxy unauthenticated messages to LastPass browser extensions. This exploit would give hackers access to LastPass commands such as &#8220;copying and filling in passwords,&#8221; according to Ormandy.<\/p>\n<p style=\"text-align: justify\">This is not the first time a LastPass vulnerability has been exposed. In July of 2015, LastPass was hit by a <a href=\"https:\/\/solutionsreview.com\/identity-management\/the-lastpass-security-breach-how-bad-is-it\/\">targeted hack<\/a>\u00a0that accessed users\u2019 email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.<\/p>\n<p style=\"text-align: justify\">In the days following Ormandy&#8217;s disclosure, LastPass investigated the vulnerabilities and fixed them with a server-side workaround, according to a <a href=\"https:\/\/blog.lastpass.com\/2017\/03\/important-security-updates-for-our-users.html\/\">blog post<\/a>.<\/p>\n<p style=\"text-align: justify\">&#8220;We have no indication that any of the reported vulnerabilities were exploited in the wild, but we\u2019re doing a thorough review at this time to confirm,&#8221; says LastPass.<\/p>\n<p style=\"text-align: justify\">The company considers the issue resolved, and fixes are being pushed to all users, with most updating automatically. Users have not been advised to change their passwords.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The issue reported by Tavis Ormandy has been resolved. We will provide additional details on our blog soon.<\/p>\n<p>&mdash; LastPass (@LastPass) <a href=\"https:\/\/twitter.com\/LastPass\/status\/844176201392504834?ref_src=twsrc%5Etfw\">March 21, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability in popular password manager LastPass could have exposed users passwords to malicious websites, according to reports from a respected security researcher. LastPass offers web-based password manager and password vault capabilities via a freemium model. The company was purchased by LogMeIn for $110 million in 2015. On Monday, Tavis Ormandy, a white-hat hacker on [&hellip;]<\/p>\n","protected":false},"author":24,"featured_media":1623,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[489,490,104,442,248],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Researcher Reveals Critical LastPass Vulnerabilities - Identity and Access Management Solutions | Solutions Review<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/\",\"name\":\"Researcher Reveals Critical LastPass Vulnerabilities - Identity and Access Management Solutions | Solutions Review\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg\",\"datePublished\":\"2017-03-22T17:49:03+00:00\",\"dateModified\":\"2017-03-22T17:49:03+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg\",\"width\":800,\"height\":350,\"caption\":\"lastpass critical vulnerabilities chrome and firefox\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Researcher Reveals Critical LastPass Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researcher Reveals Critical LastPass Vulnerabilities - Identity and Access Management Solutions | Solutions Review","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/","url":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/","name":"Researcher Reveals Critical LastPass Vulnerabilities - Identity and Access Management Solutions | Solutions Review","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg","datePublished":"2017-03-22T17:49:03+00:00","dateModified":"2017-03-22T17:49:03+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/03\/lastpass-vulnerabilities.jpg","width":800,"height":350,"caption":"lastpass critical vulnerabilities chrome and firefox"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/ormandy-lastpass-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Researcher Reveals Critical LastPass Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1622"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=1622"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1622\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/1623"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=1622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=1622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=1622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}