LastPass, the popular password management tool, has been patched to fix a security flaw that could have exposed the passwords of Internet Explorer users.
Regular readers will know that I am a big proponent of computer users protecting themselves with tools like Bitwarden, 1Password, and KeePass to help remember and generate unique passwords for every website they use.
It’s a lot better, for instance, than trusting your web browser to remember your password.
But it is essential, of course, that these password management programs are secure – and not leaking sensitive information.
As PC Magazine describes, a flaw was found in the Windows Internet Explorer version of LastPass that meant passwords could be read in plaintext if a memory dump was performed on Internet Explorer.
Fortunately, there are some mitigating circumstances, as the folks at LastPass described to PC Magazine:
“This particular issue would be extremely difficult to exploit – requiring that you be using IE, that you’ve logged in to LastPass to decrypt your data, perform a memory dump, hunt through the memory dump, and actually locate the passwords – we have made fixing this a priority because we value the privacy and security of our users’ data above all else.”
Nevertheless, LastPass responded quickly – and included a security patch for the problem (alongside other fixes) in an important update.
Although this incident is undoubtedly embarrassing for LastPass, I still recommend password management software for all internet users. Keep them updated, and you should find them a heck of a lot safer than trying to remember secure passwords yourself for every website you access.