CVE-2019-16371

Name of the Vulnerable Software and Affected Versions LogMeIn LastPass versions prior to 4.33.0

Description The issue allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site. This is possible because the do popupregister function can be bypassed via clickjacking.

Recommendations For versions prior to 4.33.0, update to version 4.33.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive websites to minimize the risk of exploitation. Avoid using the do popupregister function until the issue is resolved.