Password
vault provider Lastpass has moved quickly to close a remote code
execution vulnerability found in its Chrome extension but has failed
to do likewise with regards to its counterpart for Firefox.
A
Google Project Zero researcher, Tavis Ormandy, insists that issues
persist with the Firefox extension:
Lastpass
is a cloud storage password vault that provides browser extensions to
connect the vault with the user’s Lastpass account. This allows the
user to access and automatically fill in save login details when
attempting enter favoured websites.
This
is not the first
time that Lastpass has been discovered to be insecure, nor
will it be the last. Readers are advised to use Keepass.
An offline, open-sourced password solution.
0 comments:
Post a Comment