Tracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. The only thing left to do now is migrate to a different password manager, change absolutely EVERYTHING and hope this never happens again.The US Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities impacting Plex and VMware products to its Known Exploited Vulnerabilities (KEV) catalog. Your master password may take 1 billion years to crack on current hardware that much is true, but the hardware a decade from now may do it in 1 minute. The job will get easier and easier with every new GPU/CPU generation. You should now assume that your vault is out there forever and it's only a matter of time before even the strongest master passwords are cracked. The strength of the 2nd lock depends on multiple factors including password entropy, password reuse and previous breaches.Įven if you go and change your master password now it will make no difference at all since you cannot change the master password that is tied to the backup. The key to the 2nd lock is the master password that was used at the time the backup was made. The threat actor knows which email is tied to your LastPass account which basically gives them the 1st key to a door with 2 locks. The threat actor has obtained a backup of all of your vaults and the 2FA protecting your account has already been bypassed.
0 kommentar(er)
