Bug in LastPass’s Internet Explorer plug-in exposes password of some users

The password management web-service, LastPass has reported a bug in its Internet Explorer plug-in which has exposed passwords of many of its users.

LastPass-password-breach

The firm provides a service to store users’ password in the cloud, and let them log-in to all of their accounts by only telling their primary password. Past Monday, the firm reported that Its Internet Explorer plug-in version 1.0.20 has a bug that makes it expose the password when attackers perform a memory dump of the browser.

Company explained that it is only its Internet Explorer plug-in that went haywire as rest of all its add-ons are working fine. LastPass’s spokesperson said that the risk of someone accessing your password becomes very slim once you have closed your browser as when the session ends every track of it is erased and rest things are encrypted, so the attacker will require physical access to your computer in able to retrieve your password.

He hopes that this mistake won’t leave a bad impression on people and wish more users will start using their service soon as it is more secure and time saving way to manage passwords.

The updated build also contains a fix for an issue in the LastPass addon in IE, whereby if you were logged into the LastPass IE extension version 2.0.20 site passwords were potentially accessible in a memory dump. The above issue only affected the IE addon, and as soon as the browser session ended, the data would have been cleared from memory. The scope of the issue is minimal, but privacy and security of our users’ data is paramount. Malware is essentially the only way this could be exploited and we continue to encourage you to utilize anti-malware to protect your data, said LastPass in a blog post.

Last Pass has patched this breach in its latest update.

Posted by with Tags
Roger Dunning is a technology evangelist. He lives in New York with his wife and pet dog. You can find him 24×7 on the Internet.