Super Admin Password Reset

Customer forum for LastPass Enterprise

Moderators: azitnay, admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Super Admin Password Reset

Postby Wheeler20 » Fri Oct 02, 2015 5:09 pm

I have been looking for clarification on how this works and was seeing if anybody has some more information. So when you enable the Super Admin Password reset policy a public private keypair is generated (per user account?) And the users encryption key is encrypted with the public key and stored by lastpass. The private key is encrypted with the "Super Admins" encryption key and stored by lastpass. So when you go to the user account in the admin console and reset the users password what happens next? At what point is the user vault decrypted then re encrypted with the new key (key is hash of username and password). If this occurring on lastpass servers? Thanks for any clarification!
Posts: 1
Joined: Fri Oct 02, 2015 4:57 pm

Re: Super Admin Password Reset

Postby bob » Mon Nov 23, 2015 5:01 pm

You pretty much got it -- That last part runs locally in the admin's browser. Javascript downloads the admin's private key. We then decrypt it using their local encryption key. This will allow them to decrypt the user's key that was encrypted with the (admin's) public key. Now that we have the user's key, you can download, decrypt and reencrypt their vault contents. No encryption happens on the server, LastPass doesn't have access.
Posts: 243
Joined: Tue Aug 19, 2008 9:47 pm

Return to LastPass Enterprise

Who is online

Users browsing this forum: Majestic-12 [Bot] and 10 guests