LastPass plugs IE add-on vulnerability

Summary:Passwords could be exposed during memory dump.

LastPass Monday issued an update for its password management software including a fix for a vulnerability that exposed passwords stored in Internet Explorer, the company said on its blog.

The vulnerability, which requires a number of steps and conditions to exploit, was in the LastPass add-on for IE. The vulnerability did not affect any LastPass add-ons for other browsers.

The company is recommending that users upgrade to this new version.

The update fixes an issue that affected users logged into the LastPass IE extension version 2.0.20. The site passwords used in IE by those users "were potentially accessible in a memory dump," according to the company's blog.

The company said exposure to the vulnerability was minimal and that as "soon as the browser session was ended, the data was cleared from memory.  Privacy and security of our users’ data is paramount. Malware is essentially the only way this could be exploited and we continue to encourage you to utilize anti-malware to protect your data."

LastPass also included sync, password configurations, and history updates, and support for IE 11 in the latest version.

Topics: Security


John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.