LastPass, a popular password management service with extensions for Firefox, Chrome, and Internet Explorer, suffers from a clickjacking vulnerability. It can be exploited on sites without proper X-Frame-Options headers to steal passwords. The password autofill dialogue can be overlaid with a deceptive webpage that tricks users into copying and then pasting passwords into an attacker’s site.
News & Events
News tagged "Clickjacking"
Security Analyst Matt Bryant recently found a clickjacking vulnerability in the LastPass browser add-on. Bryant successfully and quickly worked with LastPass’s team to fix the vulnerability. For further details, please check out his blog post or our technical advisory.