Security leak

Customer forum for LastPass Enterprise

Moderators: azitnay, admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Post by czery » Wed Jun 20, 2018 4:38 am

Hi there,

I encountered a quite juicy security leak regarding shared credentials. In LastPass you have the option to share credentials while hiding the actual password from the recipient's eyes. But if you log into any web account using these credentials via LastPass, the browser will ask to store the credentials in its local / shared database. From there (e.g. Chrome settings) you are able to view the password.

Is there any way to prevent this? (Although I can imagine that LastPass does not have an influence on that)

Cheers
czery
czery
 
Posts: 1
Joined: Wed Jun 20, 2018 4:32 am

Re: Security leak

Post by FlyingHawk » Wed Jun 20, 2018 10:36 am

This isn't so much a security leak as an unkeepable promise in the first place.
As long as a password is shared, there is always a not-too-difficult way to reveal that password, because the sharee has to have access to it (at some level) to actually use it.

LastPass does mention this caveat in their online documentation:
https://lastpass.com/support.php?cmd=showfaq&id=1416
https://helpdesk.lastpass.com/sharing-4-0/#h3

Ideally, they should also mention this directly in the user interface.
FlyingHawk
 
Posts: 740
Joined: Wed Mar 18, 2015 12:04 pm

