✉️ Sign up for the mailing list ✉️ https://mailing.bugbountyexplained.com/
Get a free 2 week trial of Detectify – the sponsor of today’s video: https://www.detectify.com/bbre

This video is an explanation of a critical vulnerability that was found and reported to LastPass by Mathias Karlsson. This was before LastPass created their bug bounty program, but he still got $1,000 for it. The vulnerability would have allowed an attacker to steal all passwords of a victim who visited the attacker's website. The vulnerability has been fixed and is no longer exploitable.

☕️ Support my channel ☕️
https://www.buymeacoffee.com/bountyexplained

Get $100 in credits for Digital Ocean:
https://m.do.co/c/cc700f81d215

✎Sign up for Pentesterlab from my referral✎
https://pentesterlab.com/referral/Vtch_7hLg32TqA

Original writeup:
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

Mathias’ twitter:
https://twitter.com/avlidienbrunn

Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:23 Detectify – the sponsor of today’s video
00:55 The vulnerability in URL-parsing function
05:22 The real exploit scenario
06:00 The fix
06:22 Does this mean password managers are unsafe?
07:00 Outro
