A dangerous, previously unknown security vulnerability has been discovered in LastPass that permits attackers to remotely compromise user accounts. LastPass is a password vault that pulls user passwords from a secure area and auto-fills credentials for them. Brian Spector, CEO at MIRACL, comments below.
Brian Spector, CEO at MIRACL:
“Password managers, like LastPass, help users manage the undue burden placed upon them by requiring complex and constantly-changing passwords. But that solution does not fix the problem since it allows all of a user’s passwords to be compromised in one place at one time. The root of password-related problems is on the infrastructure side. Storing authentication credentials in the cloud still makes them vulnerable to server-side attacks. The attack vector for cyber-criminals is not an individual user’s vault that stores passwords, but the entire enterprise database on the provider side that stores all user credentials. Successfully attacked, which happens extremely frequently, the authentication credentials for every single user are vulnerable. All efforts by individuals to protect their passwords are entirely in vain if the service itself becomes a single point of failure.
“But we don’t have to accept the weekly announcements of mass-password-breaches. Multi-factor authentication with zero-knowledge protocols does not share or send user authentication credentials across the web. Digital enterprises need to remove the threat of passwords completely and restore trust not only in the services they provide, but in the internet itself.”