LastPass password manager had its security compromised by two white hat hackers in two days - It turned out sometimes it’s good to be hacked by good hackers!

Mathias Karlsson, an IT security researcher, recently breached the security of the popular password manager LastPass and reported the issue to the firm.

It all happened when Karlsson noticed that LastPass had added HTML code on their website; upon further digging, he found a serious bug allowing him to extract passwords stored in the autofill feature.

In a blog post, Karlsson revealed that the bug was in the URL parsing. “First, the code parsed the URL to figure out which domain the browser was currently at, then it filled any login forms with the stored credentials. However, the URL parsing code was flawed,” stated Karlsson.

Further, Karlsson tested the bug and found that the browser would display the current domain as while the extension would treat it as . Since the code only URL encodes the last occurrence of the actual domain is treated as the username portion of the URL.

Karlsson also shared a screenshot he took from the domain which displayed Twitter credentials in the clear-text form.

I, too, have hacked LastPass :) cc Mathias Karlsson (July 27, 2016)

The good news is that Karlsson reported the issue to LastPass, who fixed the flaw immediately and paid him a sum of $1000.

In another case, Tavis Ormandy, a Google Security Team researcher, exposed a message-hijacking bug that affected the LastPass Firefox addon.
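The class of flaw Karlsson describes, where an extension's own URL parsing disagrees with the browser about the current domain, can be shown with an added example that is not LastPass's code: a hypothetical hand-rolled host extractor (`naiveHost`) next to an autofill check built on the platform's standard `URL` parser. All function names and URLs below are constructed for illustration.

```javascript
// Added example, not LastPass code. All hosts and URLs are constructed.

// Fragile (hypothetical): treats everything after the last "@" as the host,
// so text in the path can be mistaken for the domain.
function naiveHost(href) {
  const rest = href.replace(/^[a-z]+:\/\//i, "");
  const afterAt = rest.slice(rest.lastIndexOf("@") + 1);
  return afterAt.split(/[/?#]/)[0].toLowerCase();
}

// Hardened: ask the same WHATWG URL parser the browser uses.
// hostname is lowercased and excludes userinfo and port.
function parsedHost(href) {
  try {
    const u = new URL(href);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.hostname;
  } catch {
    return null; // unparseable input never qualifies for autofill
  }
}

// Autofill only when the parsed host exactly matches the stored site.
function shouldAutofill(pageHref, storedHost) {
  const host = parsedHost(pageHref);
  return host !== null && host === storedHost.toLowerCase();
}

// Regression check: flags inputs on which the two parsers disagree.
function parsersDisagree(href) {
  return naiveHost(href) !== parsedHost(href);
}

// Constructed sample inputs.
const samples = [
  "https://login.example/signin",
  "https://user@login.example/signin",
  "https://other.example/@login.example/signin",
];
for (const s of samples) {
  console.log(s, {
    naive: naiveHost(s),
    parsed: parsedHost(s),
    autofill: shouldAutofill(s, "login.example"),
  });
}
```

Running `parsersDisagree` over a corpus of unusual URLs is a cheap regression test for any code that derives a security decision from a URL.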