Google’s top-notch bug hunter Tavis Ormandy has found another bug in password manager LastPass. LastPass says it deployed a server-side fix within hours of receiving Ormanda’s report. The flaw could be exploited via its browser extensions for Chrome, Firefox and Edge. A successful attack would require some action on the part of a victim, such as visiting a malicious website or falling prey to a phishing email. The vulnerability is connected to a onboarding feature that allows password vaults to be set up via email.”]
Source: https://www.cuinfosecurity.com/lastpass-fixes-software-error-that-exposed-passwords-a-9786