The attacker now have the customers’ encrypted critical information, such as, password vault, copies of LastPass Authenticator seeds, telephone numbers used for the MFA backup option and k2 key ( for LastPass federation), the next final step to successfully get into customer password vaults is simply the brute force method. This means that the system was left unpatched for almost 3 years ( no idea what’s wrong with their BYOD patching policies).Īs we can see, this negligence in patching and vulnerability management, and now resulted in a serious consequence. released in May 2020 ( the current version is is 1.). You will be asked to authenticate your identity using the LastPass Authenticator (2FA) method.It’s turn out the LastPass employee’s home computer was compromised due to the use of unpatched Plex software, which had a vulnerability that was addressed in version 1. Once you complete the LastPass Authenticator setup, open a new browser/private window, and login into your Drupal site.Try login using miniOrange 2-Factor module ( LastPass Authenticator ) You have successfully Configured LastPass Authenticator 2FA method.Ģ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |