LastPass security flaw leaves user credentials exposed
v3.co.uk | January 18, 2016
A security flaw affecting password manager LastPass could allow an attacker to steal user credentials, emails and passwords, and even access two-factor authentication codes, research has revealed.

The flaw was exposed by Sean Cassidy, chief technical officer at cloud security firm Praesidio, who has dubbed it ‘LostPass’. It is an easy-to-execute phishing attack that can display malicious messages in the browser that attempt to gather sensitive credentials.

"LostPass works because LastPass displays messages in the browser that attackers can fake. Users can't tell the difference between a fake LostPass message and the real thing because there is no difference. It's pixel-for-pixel the same notification and log-in screen,"