Vuln: LastPass for Firefox Security Bypass Vulnerability

Bugtraq ID: 97043
Class: Unknown
CVE:
Remote: Yes
Local: No
Published: Mar 21 2017 12:00AM

Credit: Travis Ormandy
Vulnerable: LastPass LastPass 2.5.1
LastPass LastPass 2.0.4
LastPass LastPass 4.1.21a
LastPass LastPass 4.1.20a


Not Vulnerable: LastPass LastPass 4.1.36a


Discussion


LastPass for Firefox Security Bypass Vulnerability

LastPass is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions.

Versions prior to LastPass 4.1.36a are vulnerable.

Exploit


LastPass for Firefox Security Bypass Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References


LastPass for Firefox Security Bypass Vulnerability

References:
Related Posts