Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I used LastPass for a while. Then it filled in my username and password (correctly) on a website without my having authenticated... It looks like there's an unencrypted local cache which is not flushed when your authentication expires or you log out. I wasn't able to reproduce it but I was sufficiently spooked to stop using it after that.


Sure it wasn't the browser that filled it in?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: