PT-2020-17293 · Logmein · Logmein Lastpass Password Manager

Published: 2020-12-12 · Updated: 2024-08-04 · CVE-2020-35208

CVSS v3.1: 5.7 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

LogMeIn LastPass Password Manager version 4.8.11.2403

Description

An issue was discovered in the LogMeIn LastPass Password Manager app for iOS: the password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation, allowing an attacker to authenticate with an arbitrary password. The vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.

Recommendations

For version 4.8.11.2403, as a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation, such as requiring a second form of verification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-35208

Affected Products

Logmein Lastpass Password Manager