
This video explains a critical vulnerability that Mathias Karlsson found and reported to LastPass. The report predates LastPass's bug bounty program, but he still got $1,000 for it. The vulnerability would allow an attacker to steal all passwords of a victim who visited the attacker's website. It has been fixed and is no longer exploitable.

Original writeup:

Mathias’ twitter:

00:00 Intro
00:23 Detectify – the sponsor of today’s video
00:55 The vulnerability in URL-parsing function
05:22 The real exploit scenario
06:00 The fix
06:22 Does this mean password managers are unsafe?
07:00 Outro
