More
    Security

    LastPass Vulnerability Found and Patched

    By Sue Poremba
    Slide Show

    The Latest Attacks Challenging Website Protection Strategies

    While I was on vacation a few weeks ago, I observed my brother-in-law helping his mom with her new smartphone. He recommended that she password-protect it, and he began to explain why before she interrupted him. “Another password?” she grumbled. “How am I supposed to remember another password?”

    From my seat across the room, I held back a chuckle. It is a complaint I hear all the time regarding passwords – how are we supposed to remember all the unique passwords we set up? One of the pieces of advice on how to do that is to sign up for a site like LastPass, which stores all of your passwords so you only need to remember one – your LastPass password – to access that site.

    I admit, I never jumped on that bandwagon because saving passwords on a website seemed like a security risk to me. Anything that deals with website and software is always at risk, right? It turned out that LastPass v2.0.20 has a vulnerability when used in the IE browser. According to HelpNet:

    The bug . . . makes the passwords that LastPass automatically fills into the fields in IE also be stored in plaintext into the computer memory, which ultimately allows them to be extracted via a memory dump.

    PC Magazine explained how it became aware of the problem from one of its readers:

    Our reader informed us that when he performed a memory dump on Windows IE, he was able to retrieve stored LastPass passwords in plaintext. It seems that when the password manager autofills fields in IE, the unencrypted passwords remain accessible in memory. Passwords from previous sessions do not appear to be affected, as quitting IE cleans up the memory. Additionally, passwords which have not been used to autofill fields remain encrypted and cannot be retrieved using this vulnerability.

    LastPass has released a patch for the vulnerability and it is recommended that IE users apply the patch as soon as possible.

    I applaud LastPass for quickly taking care of the problem in order to provide better security for its users. Some security experts say that this vulnerability should not deter users from utilizing password managers like LastPass. I’m still not sold on whether saving passwords through a program like this is the most secure way to keep track of them. But then, it does beat keeping them written down on a sticky note attached to your computer.

    Previous article
    How to Choose the Right Mobile Device: Five Considerations
    Next article
    Top 25 Companies for Work-Life Balance 2013
    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles

    The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.

    Advertisers

    Advertise with TechnologyAdvice on IT Business Edge and our other IT-focused platforms.

    Advertise with Us

    Menu

    Our Brands

    Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.