Researchers to reveal critical LastPass issues in November 2015

Password managers are great because they can store a virtually unlimited amount of important information: accounts, passwords, credit card numbers and other sensitive data. They keep you from having to memorize unique strong passwords or use other means to remember them, such as writing them down.

All the data is protected by a single master password, and, if supported, by additional means of protection such as two-factor authentication.

Security of the password manager and its database is of utmost importance, considering that attackers would gain access to all the data stored by a user if they somehow managed to gain access to the account.

That single access would give the attacker access to most of the accounts of that user and even data that is not linked directly to the Internet if it has been added to the vault as well.

Security researchers Alberto Garcia and Martin Vigo will demonstrate attacks on the popular online password management service LastPass at the Blackhat Europe 2015 conference in November.

Here is what they will demonstrate:

  1. How to steal and decrypt the LastPass master password.
  2. How to abuse password recovery to obtain the encryption key for the vault.
  3. How to bypass 2-factor authentication used by LastPass to improve security of accounts.

The methods that they will use to do so are not revealed in the briefing, but the researchers mention that they have reversed LastPass plugins and discovered several attack vectors in doing so. It is likely that they mean browser extensions by plugins, but it is not clear from the briefing.

While it is too early to tell how effective and applicable these attack forms are, it is certainly something that LastPass users should keep a close eye on.

The attacks could for instance require a modified browser extension or other components that need to run on a computer system to be effective. This would obviously be less of an issue than something that could be exploited right away on systems running official plugins and extensions.

LastPass users will have to wait almost two months before the attacks are revealed at the conference. Cautious users may want to disable extensions in the meantime to avoid harm, since it is unclear how these attacks are carried out. (via Caschy)

Now You: Do you use LastPass or another online password manager?


About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+.
