Sign up FAST! Login

Extracting LastPass Site Credentials from Memory


Extracting LastPass Site Credentials from Memory Tech Anarchy

Source: https://techanarchy.net/2016/10/extracti...

At some point LastPass has to put the credentials in clear in to the logon fields for the POST request. This makes sense if im on the logon page with auto fill enabled. Thats not always the case. In most cases if the domain is loaded in an active tab regardless of page this prompt is displayed.

I wanted to know if the credentials are unencrypted only when the form fields are present or any time the domain is loaded. So i setup a test environment to see what i could find.

Stashed in:

To save this post, select a stash from drop-down menu or type in a new one:

shudders

Shudders?