
LastPass bug potentially exposes online security of millions

Password managers, the programs many people use to store the passwords for their various online accounts, should, for obvious reasons, be pretty secure.

They are, after all, the gateway to all your password and username combinations.

However, a security researcher has found some “obvious critical problems” with one such popular password manager, LastPass. According to Google’s Project Zero researcher Tavis Ormandy, LastPass has some serious issues that could potentially let hackers execute their own malicious instructions on a computer with LastPass installed.

This type of vulnerability is known as RCE, or remote code execution, and it’s one of the more serious types of vulnerability a piece of software can have, simply because it lets an attacker run almost any code they want on your machine.


If someone visits a malicious website designed to exploit this vulnerability, they could potentially allow malware onto their computer with no warning, and the criminals can steal those precious passwords.

So, it’s a serious problem.

The good news is that Tavis appears to have been the first person to discover the bugs in LastPass, so before you rush to uninstall the program, know that there is no evidence that this is being actively exploited by the bad guys, and LastPass (with Google) is working quickly on a fix.

So if you use LastPass, as soon as that update is ready to install, grab it with both hands.

Published by
Craig Haley