The privacy and security when we use our PC are key elements that we try to take maximum care of today. However, this is something that is not always in our hands, as for example happens with the passwords that we keep so suspiciously.
We tell you all this because now an important security breach caused by a specific person that directly affects us has been made known. In fact, it could put all our passwords saved in this manager at risk, which we will tell you about below. This is something that will affect you directly in the event that you have your passwords saved in the popular password manager LastPass.
A very important massive security breach has just been disclosed concerning this security platform. To give you an idea of all this, this vulnerability that has been discovered is the result of an oversight by one of its engineers. Specifically, the person responsible for all this did not update the application of the popular Plex media service on your home computer. This is just a demonstration of how important it is to keep all of our software up to date at all times.
This security breach that we are referring to was disclosed just a few days ago and some attackers have already taken advantage of it. Apparently the origin of the vulnerability as such, happened before last August 12, 2022. All this because of a software package external to the platform as such that led to this bad news related to the security
Your passwords in danger due to an oversight
In fact, this security flaw allowed attackers steal encrypted data from the password vault, as well as certain information from your customers. A second attack followed, targeting one of the platform’s four engineers and targeting his personal computer with keylogger-type malware. This was how they managed to obtain the credentials and breach the LastPass cloud storage environment.
All this that we are telling you about is possible due to a security flaw that is almost 3 years old and that at the time was already patched in the plex app. It was used for remote code execution on the computer of the engineer who did not update the software on his home PC. More specifically, vulnerability is known as CVE-2020-5741 and directly affects Plex Media Server on Windows. This allows a remote attacker to execute arbitrary Python code on the affected operating system.
Therefore, it is clear that the engineer of the password manager he had not updated the Plex client on his computer for years, which has affected users of the security platform. Due to this oversight, the installed version of Plex was still vulnerable to this years-old security flaw. As we have told you on many occasions, keeping our PC software updated will save us more than one upset.
