CVE-2020-35208

Published: Dec 12, 2020

Modified: Nov 15, 2024

PUBLISHED

Description

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/evilblazer/LastPassVulnerabilities

x_refsource_MISC

https://youtu.be/63PfHVSr8iw

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35208

Description

Affected Products

References