Showing results for 
Search instead for 
Did you mean: 
New Contributor

Security leak

Hi there,

I encountered a quite juicy security leak regarding shared credentials. In LastPass you have the option to share credentials but hiding the actual password from the receipient's eyes. But if you log into any web account using this credentials via LastPass the browser will ask to store the credentials in it's local / shared database. From there (e.g. Chrome settings) you are able to view the password.

Is there any way to prevent this? (Although I can imagine that LastPass does not have an influence on that)

Active Contributor

Re: Security leak

This isn't so much a security leak rather than an unkeepable promise in the first place.
As long as a password is shared, there is always a not too difficult way to reveal that password. Because the sharee have to have access to it (at some level) to actually use it.

LastPass does mention this caveat in their online documentations:

Ideally, they should also mention this directly in the user interface.