Product Communities
Sign In Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines
czery
New Contributor

Security leak

Hi there,

I encountered a quite juicy security leak regarding shared credentials. In LastPass you have the option to share credentials but hiding the actual password from the receipient's eyes. But if you log into any web account using this credentials via LastPass the browser will ask to store the credentials in it's local / shared database. From there (e.g. Chrome settings) you are able to view the password.

Is there any way to prevent this? (Although I can imagine that LastPass does not have an influence on that)

Cheers
czery
‎06-20-2018 04:38 AM
0 Kudos
Reply
1 REPLY 1
FlyingHawk
Active Contributor

Re: Security leak

This isn't so much a security leak rather than an unkeepable promise in the first place.
As long as a password is shared, there is always a not too difficult way to reveal that password. Because the sharee have to have access to it (at some level) to actually use it.

LastPass does mention this caveat in their online documentations:
https://lastpass.com/support.php?cmd=showfaq&id=1416
https://helpdesk.lastpass.com/sharing-4-0/#h3

Ideally, they should also mention this directly in the user interface.
‎06-20-2018 10:36 AM
0 Kudos
Reply
About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2023 LogMeIn, Inc. All Rights Reserved