LastPass plugs IE add-on vulnerability

Passwords could be exposed during memory dump.

LastPass Monday issued an update for its password management software including a fix for a vulnerability that exposed passwords stored in Internet Explorer, the company said on its blog.

The vulnerability, which requires a number of steps and conditions to exploit, was in the LastPass add-on for IE. The vulnerability did not affect any LastPass add-ons for other browsers.

The company is recommending that users upgrade to this new version.

The update fixes an issue that affected users logged into the LastPass IE extension version 2.0.20. The site passwords used in IE by those users "were potentially accessible in a memory dump," according to the company's blog.

The company said exposure to the vulnerability was minimal and that as "soon as the browser session was ended, the data was cleared from memory.  Privacy and security of our users’ data is paramount. Malware is essentially the only way this could be exploited and we continue to encourage you to utilize anti-malware to protect your data."

LastPass also included sync, password configurations, and history updates, and support for IE 11 in the latest version.