A security researcher says that a security flaw in that company s Web site could reveal sensitive account details. Mike Cardwell, an independent security researcher based in the United Kingdom, discovered a cross site scripting flaw in the site. Cardwell wasn t able to get LastPass to divulge account passwords, but he warned that such an attack may be possible. LastPass issued a fix within hours and acknowledged the problem in a blog post. The company claimed that no client data was impacted and admitted that shortcomings in its testing procedures were to blame for missing the hole.
Source: https://threatpost.com/password-management-site-lastpass-sports-security-hole-022811/74975/

