Privacy and security are key concerns whenever we use a PC, and today we try to take the greatest possible care of them. However, they are not always in our hands, as is the case with the passwords we guard so jealously.
We mention this because a major security breach, caused by one specific person and affecting users directly, has now been made public. It could put at risk all the passwords saved in the manager we discuss below. It affects you directly if you keep your passwords in the popular LastPass password manager.
A major security breach affecting this security platform has just been disclosed. To give you an idea of what happened, the breach is the result of an oversight by one of its engineers. Specifically, the person responsible did not update the application of the popular multimedia service Plex on his home computer. This is a demonstration of how important it is to keep all of our software up to date at all times.
The security breach was disclosed just a few days ago, and attackers have already taken advantage of it. Apparently, the vulnerability originated before August 12, 2022. It stemmed from a software package external to the platform itself, which led to this bad security news.
Your passwords in danger due to an oversight
This security flaw allowed the attackers to steal encrypted data from the password vault, as well as some customer information. A second attack followed, targeting one of the platform's four engineers and infecting his personal computer with keylogger-type malware. This was how the attackers obtained the credentials and breached the LastPass cloud storage environment.
All of this was possible because of a security flaw that is almost 3 years old and that had already been patched in the Plex application. It was used for remote code execution on the computer of the engineer who had not updated the software on his home PC. More specifically, the vulnerability is known as CVE-2020-5741 and directly affects Plex Media Server on Windows. It allows a remote attacker to execute arbitrary Python code on the affected operating system.
It is therefore clear that the password manager engineer had not updated the Plex client on his computer for years, and this has affected users of the security platform. Because of this oversight, the installed version of Plex was still vulnerable to this years-old security flaw. As we have said on many occasions, keeping our PC software updated will save us more than one upset.