Does Lastpass have a serious vulnerability?

According to one Google engineer, Tavis Ormandy, Lastpass has several obvious problems.  The technical details are probably above my pay grade, but this sounds pretty serious.  Here is his tweet:

Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I’ll send a report asap.

— Tavis Ormandy (@taviso) July 26, 2016

No word yet on what the vulnerability is, but every Lastpass user should stay tuned.  I use Lastpass and trust it, but I don’t use it for any banking sites, and I don’t keep any notes in LP that I couldn’t afford to lose.  I always obscure any passwords that I write in my notes and I would advise others to do the same.

Leave a Reply