14 DAY TRIAL // LastPass 2.5.0 has been released to address a security issue that exposes the passwords of Internet Explorer users.
According to PC Magazine, experts have discovered that they’re able to retrieve stored LastPass passwords in plain text from an Internet Explorer memory dump. The problem is that when the software autofills the passwords in the web browser, the unencrypted passwords become accessible in the memory.
While this vulnerability might seem serious, LastPass reassures users that it’s not easy to exploit. That’s because the passwords from previous browsing sessions are cleaned up from the memory.
The company’s representatives have told PC Mag that the victim would have to be using IE, and be logged in to LastPass to decrypt the passwords. Furthermore, it’s difficult for an attacker to perform a memory dump without having direct access to the computer.
While this vulnerability impacts only IE customers, all LastPass users are advised to update their installations since the other changes made in the latest release affect all web browsers.