web analytics

More LastPass flaws: researcher pokes holes in 2FA

26th April 2017  by John E Dunn

 

Recently we’ve been writing about LastPass more than seems healthy.

 

March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the company’s two-factor/two-step authentication (2FA) security.

 

To coin a phrase, all serious flaws are serious – but some are more serious than others.

 

This one matters for two reasons, only one of which will sound flippant: it wasn’t discovered by Tavis Ormandy, who at times has seemed to be writing a novella on flaw-hunting with the company’s name on it. That’s fine – researching vulnerabilities is his day job, after all.

 

Another researcher with a taste for LastPass, researcher Martin Vigo, uncovered the latest issue, and it’s the 2FA bit of the story that explains the angst.

 

Full Article

Take a look at the best antivirus, anti-malware, anti-spy, etc. software

Powered by WPeMatico