Two security researchers have revealed a multitude of design flaws and questionable security measures in the popular password manager LastPass that could potentially expose users' passwords.

Martin Vigo and Alberto Garcia Illera, two security researchers working at Salesforce, have proved nothing is unhackable by revealing an exploit to obtain the decryption key required to access LastPass' vault. The exploit and its reveal were part of a presentation during the Black Hat security conference in Europe last week. The Spanish research duo have also published their findings in a comprehensive blog post.

The two researchers found a way in which an attacker could bypass two-factor authentication and take advantage of the "account recovery" feature that comes with LastPass, granting the attacker the means to access a target's vault. This comprehensive exploit does not even require the master password for the vault, the researchers discovered.

The duo investigated exploits in three differing scenarios, namely:

- A direct method where an attacker gained access to a target's computer.
- An attack that targeted LastPass servers directly.