This video explains a critical vulnerability that Mathias Karlsson found and reported to LastPass. This was before LastPass created their bug bounty program, but he still received $1,000 for it. The vulnerability would have allowed an attacker to steal all the passwords of a victim who visited the attacker's website. It has been fixed and is no longer exploitable.
00:23 Detectify – the sponsor of today’s video
00:55 The vulnerability in the URL-parsing function
05:22 The real exploit scenario
06:00 The fix
06:22 Does this mean password managers are unsafe?