
LastPass is a widely used password manager.
Recently, a security researcher tweeted about weak spots in the online password manager, making it an easy target for hackers. In the meantime, the publicized LastPass security flaws have been fixed, and the passwords that the manager stores are safe once again.
According to LastPass, the problems that Ormandy tweeted about on Tuesday were identified and resolved. The online password manager reassured its users that their information is safe and will not fall prey to hackers.
Tavis Ormandy, an information security engineer at Google Project Zero, decided to take a quick look at LastPass and the way the program behaves. After uncovering some flaws, Ormandy took to Twitter to get a sense of how many people use the password manager.
“Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems. I’ll send a report asap,” he tweeted.
Users were not happy with Ormandy’s decision, prompting him to tweet a second message only 10 minutes after the original. The second read:
“OK OK, I get it, lots of people use LastPass. If you work there, please contact me ASAP and let’s get this fixed.”
Security experts who were asked about the morality and legality of Ormandy’s actions have conflicting opinions. While the act itself was not appropriate, the interviewed experts differ on how Ormandy should have dealt with the situation.
For example, according to SearchSecurity, representatives from Vectra Networks and the Tripwire Vulnerability and Exposure Research Team believe that the issue should not have been posted on Twitter.
On the other hand, Oliver Tavakoli, CTO at Vectra Networks, believes that the way in which Ormandy acted was in accordance with the universally known responsible disclosure procedures. Tavakoli believes that as long as Ormandy only pointed out that there are a couple of issues with the password manager and didn’t name them, LastPass has no reason to complain.
Gunter Ollmann, CSO at Vectra Networks, disagrees with his colleague. According to him, when somebody with Ormandy’s reputation singles out problems with a security manager, that person commits a tortious act.
He added that merely indicating that there are certain flaws in the system is enough to get hackers interested in the product and searching for the same flaws.
Fortunately, the LastPass security flaws that Ormandy tweeted about were resolved, and users have no reason to fear.
What is your opinion on the LastPass security flaws? Did Ormandy do the right thing by talking about them on Twitter?
Roxanne Briean









