What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.
Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn
I found a major bug in your share feature. If the user is using Google Chrome password manager and last pass once a user logs in to a shared password site Google password manager offers to save the password and there is an icon that lets the user see the hidden shared password. Please disable, fix or warn users of this vulnerability.
- Posts: 1
- Joined: Tue Sep 10, 2019 9:30 pm
This has been noted in the sharing documentation for quite some time now. It's not really a vulnerability since LastPass has zero control over a password once it is released from the password manager into the browser. Best practice is to be aware of this and share accordingly.
- Posts: 8663
- Joined: Tue Mar 06, 2012 9:10 pm
This has always been noted in docs.
See https://support.logmeininc.com/lastpass ... 0007#About
It's not bug or vulnerability because it is the expected behaviour. It can only be considered as a limitation.
I personally think LastPass should just remove the "hidden shared password" "feature". It's just an impossible feature that brings users a false sense of security that is actually beyond LastPass's threat model.
- Posts: 790
- Joined: Wed Mar 18, 2015 12:04 pm
Return to Feedback
Who is online
Users browsing this forum: No registered users and 11 guests