Lastpass 2020

Posted : admin On 1/26/2022

Password manager LastPass Inc. has suffered an outage that kept some users from accessing their accounts and hence their passwords.

LastPass Premium costs $36 per year. In addition to all the free version’s features, you gain one-to-many sharing, advanced multifactor options (such as YubiKey support), and Emergency Access.

LastPass is a simple tool that manages your passwords and increases the security of all your online accounts. LastPass stores all your passwords in your LastPass account behind a master password. Using a password management tool such as LastPass can 10x your online security. Instead of using the same weak password on all the sites, you can use.

LastPass is easy to use, feature-rich, and secure. All of LastPass’s essential features are well-designed and user-friendly — both the web vault and browser extension make it very simple to manage all of your passwords and other data, and the auto-save and auto-fill functions work perfectly. LastPass also has a range of additional tools, including multiple two-factor authentication options, mu.

LastPass is the winner, hands-down, considering the features offered with both individual and family plans at such affordable tiers.

LastPass, launched in 2008, is one of the older password managers and one of the more widely used, with 25 million customers as of September 2020. Like others, it offers free and premium tiers.

Reports of LastPass users being unable to access their accounts first emerged over the weekend on social media. Exactly what was involved with the outage is unknown, and it didn’t help that LastPass initially denied there was an issue. It later said there was, without publicizing the disclosure.


LastPass has two Twitter accounts, its main @LastPass account and its @LastPassStatus account. On its main account, it outright denies any issues, saying to a user that “our engineering team has checked the status of our service and they cannot find any issues on our side. This is why nothing has been posted to our service status page.”

But on its Status page, later, it states, “RESOLVED: After a thorough investigation, we’ve identified and resolved the login errors caused by a bug in a recent release impacting a small set of users. This has been resolved and all services are now functional.”

The company did go on to say in a blog post today that “over the weekend, a small group of LastPass users may have experienced error messages when attempting to log into their accounts. The LastPass team identified the isolated issue, confirmed it was not a widespread outage, and it has been completely resolved. All services are now working, and no user action is needed.”

You’re right. I’m giving them until tomorrow. If they don’t respond I’m cancelling my acct and starting the arduous task of rebuilding my password management on 1Password. I think LastPass was bought by LogMeIn. The quality of their service has dropped unbelievably. https://t.co/a9p80irXbM

— lulublu22 (@lulubluboo) January 19, 2020

Companies experience outages and issues, so LastPass can’t be knocked for that. However, denying that an issue existed and then not admitting later on its main social media accounts, not just Twitter but Facebook as well, that it was wrong and there was an issue is not good form.

Transparency should be at the top of the company’s list given its previous issues. The company was famously hacked in 2015 and has suffered other issues since then, including a vulnerability that exposed user passwords in 2017 and, more recently, a bug patched in September that allowed malicious websites to steal login credentials.

LastPass remains popular, rated the most popular password manager as of July, but popularity doesn’t give companies an excuse to not be upfront with their users. Password managers are a dime a dozen and there is no shortage of competitors to LastPass.


Current Description

** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.



Severity

CVSS 3.x Severity and Metrics:

NIST:NVD
Vector:NVD
Vector:

Hyperlink: https://github.com/evilblazer/LastPassVulnerabilities
Resource: Exploit, Third Party Advisory

Hyperlink: https://youtu.be/63PfHVSr8iw
Resource: Exploit, Third Party Advisory

Weakness Enumeration

CWE-ID: CWE-287
CWE Name: Improper Authentication
Source: NIST
