Vulnerability Rendered LastPass Two-Factor Authentication Useless

LastPass has patched a severe vulnerability in its password manager that allowed attackers to bypass the company’s two-factor authentication (2FA) system.

According to Martin Vigo, founder of Triskel Security and the security researcher who discovered this flaw, the vulnerability can only be exploited when an attacker has already compromised the user’s LastPass master password.

While this sounds like a non-issue, it is not. The main reason 2FA was invented to begin with was to act as a second layer of protection for exactly these cases, where the attacker has managed to guess or get hold of the user’s password.

This means Vigo’s attack could have been used to nullify LastPass 2FA altogether, stripping away this second layer of protection.

Source: Vulnerability Rendered LastPass Two-Factor Authentication Useless

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.