Security flaw detected in LastPass that would allow stealing all passwords


For those who have never used LastPass, it is one of the best-known platforms for storing and managing the passwords a user relies on for everyday internet tasks. As announced on the service's official blog, its developers have fixed two security holes that, according to reports, could allow an attacker to steal all of a user's passwords with a single click.

However, the fix had to be made against the clock after an email sent to LastPass by Mathias Karlsson, a researcher who reported one of the bugs and who, not receiving a response from the company, decided to publish the story on his website. Once the story was published, LastPass got to work, claiming, curiously, that security is a total and absolute priority for the company. The company has also published and detailed all the characteristics of the flaws.

LastPass fixes two security flaws on its platform in record time

Regarding the flaws themselves, the first was caused by faulty URL-parsing code. Because of this flaw, an attacker could get the credentials stored in the LastPass keychain used on fraudulent web pages, making it possible to steal the passwords for the main online services easily and, literally, in record time.

Second, there appeared to be a bug in the LastPass extension for Firefox: an attacker could lure the victim to a malicious website and, once there, the page could execute actions in the application in the background without the user being aware of it.
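
The article does not describe the faulty parsing code itself. As an added illustration of this class of bug (not LastPass's code; every function name, domain and URL below is constructed), the following compares a hypothetical regex-based host extractor with the standard WHATWG `URL` parser when deciding whether a page may receive a saved credential:

```javascript
// Added illustration; not LastPass code. All names and URLs are constructed.

// Hypothetical fragile approach: extract the "host" with a regular expression.
// The greedy ".*@" treats everything up to the LAST "@" as userinfo, even when
// that "@" is really part of the path.
function naiveHost(url) {
  const m = /^[a-z]+:\/\/(?:.*@)?([^\/:?#]+)/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Safer approach: let the platform's URL parser decide what the host is.
function parsedHost(url) {
  try {
    const u = new URL(url);
    if (u.protocol !== "https:") return null; // assumption: fill only on HTTPS pages
    return u.hostname.toLowerCase();
  } catch {
    return null; // unparseable input never matches a saved site
  }
}

// Exact host or dot-delimited subdomain of the saved site. A production check
// would compare registrable domains using the Public Suffix List.
function hostMatches(host, savedDomain) {
  return host !== null &&
    (host === savedDomain || host.endsWith("." + savedDomain));
}

function shouldAutofill(pageUrl, savedDomain, hostFn) {
  return hostMatches(hostFn(pageUrl), savedDomain);
}

// Constructed sample pages checked against a credential saved for "bank.example".
const samples = [
  "https://login.bank.example/signin",          // legitimate subdomain
  "https://attacker.example/@bank.example/pay", // "@" in the path, not userinfo
  "https://notbank.example/",                   // similar suffix, different host
];
for (const page of samples) {
  console.log(page,
    "naive:", shouldAutofill(page, "bank.example", naiveHost),
    "parsed:", shouldAutofill(page, "bank.example", parsedHost));
}
```

The two extractors disagree only on the second sample, which is the case a regression test for autofill matching should pin down.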

