Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Further to that though, we now know that this problem is fixed in LastPass. We don't know about other password managers.

Um...it was a really stupid mistake. Writing your own bug-prone regex here instead of using an existing, trustworthy function is just really bad. Especially when the consequences of a bug mean a hacker can steal someone's passwords.

You should really hope that any company that prides itself (and bases itself) on security would never release this bug. It absolutely lowers the reputation of lastpass.



Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: