LastPass, an online service that keeps your passwords safe behind one master code, isn't nearly as secure as it should be right now.
According to Google's vulnerability researcher Tavis Ormandy, there's at least one unpatched vulnerability in LastPass that would allows attackers to steal passwords "from any domain."
Ormandy recently reported a few other LastPass bugs, including vulnerabilities in the LastPass add-ons for Firefox and Chrome.
I found another bug in LastPass 4.1.35 (unpatched), allows stealing passwords for any domain. Full report will be on the way shortlyhttp://pic.twitter.com/9VkV7R3vud
— Tavis Ormandy (@taviso) March 21, 2017 Read more...
via Zero Tech Blog