Update now to stop webpages snooping on recently used credentials
LastPass has fixed a security bug that potentially allowed malicious websites to obtain the username and passphrase inserted by the password manager on the previously visited site.
In other words, if you visited website A, and LastPass automatically injected a username and password for you to log in, and then you surfed to website B, the latter could access the password issued to website A. Netizens are advised to update LastPass to version 4.33.0 or later, which squashes this bug.
Google Project Zero flaw-finder Tavis Ormandy discovered and privately reported the programming blunder, which is technically a clickjacking vulnerability, and went public with the details on Sunday night.
"To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass ..
Support the originator by clicking the read the rest link below.
