LastPass XSS vulnerability found, website and browser add-ons affected

Not open for further replies.


Thread author
Staff Member
Jan 24, 2011
Mike Cardwell, the Stallmanite who recently discovered a fantastically covert way of working out which Web services you're currently logged in to, has found a nasty XSS vulnerability in the LastPass password manager. The cross-site scripting (XSS) vulnerability not only allows nefarious types to see which sites you've recently logged in to, but it also provides access to your email address and password reminder.

First off: don't worry. Cardwell reported the vulnerability to LastPass before writing it up, and it has since been fixed. We're not sure if the fix has propagated out to the Chrome and Firefox add-ons -- but we have to assume that Cardwell wouldn't have written his blog post if the vulnerability still existed.

Update: LastPass has now implemented HSTS and a few other features to make their website and browser add-ons a lot harder to attack in the future.

More details - link