Customer forum for LastPass Enterprise
Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn
I encountered a quite juicy security leak regarding shared credentials. In LastPass you have the option to share credentials but hiding the actual password from the receipient's eyes. But if you log into any web account using this credentials via LastPass the browser will ask to store the credentials in it's local / shared database. From there (e.g. Chrome settings) you are able to view the password.
Is there any way to prevent this? (Although I can imagine that LastPass does not have an influence on that)
- Posts: 1
- Joined: Wed Jun 20, 2018 4:32 am
This isn't so much a security leak rather than an unkeepable promise in the first place.
As long as a password is shared, there is always a not too difficult way to reveal that password. Because the sharee have to have access to it (at some level) to actually use it.
LastPass does mention this caveat in their online documentations:https://lastpass.com/support.php?cmd=showfaq&id=1416https://helpdesk.lastpass.com/sharing-4-0/#h3
Ideally, they should also mention this directly in the user interface.
- Posts: 776
- Joined: Wed Mar 18, 2015 12:04 pm
Return to LastPass Enterprise
Who is online
Users browsing this forum: No registered users and 5 guests