![]() What's glaring to us is that the chain of events that led to this breach started right from the top: LastPass allowed this senior employee to access privileged work surfaces through their personal computer, opening up the possibility for someone to gain access to this employee's Plex account, to execute a long-patched exploit that worked due to the aforementioned's negligence, and to gain unfettered access to those work surfaces from there. LastPass declined to comment on the new information. "For reference, the version that addressed this exploit was roughly 75 versions ago," a LastPass spokesperson said. The company released Plex Media Server v1.19.3 that very same day to patch the gap. The loophole allowed those with access to a server administrator's Plex account to upload a malicious file through the Camera Upload feature and, by overlapping the locations of the server data directory with a library that allowed Camera Uploads, have the media server execute it. Connect with the best of the Indian plastics industry at PLEXCONNECT 2023. The company tells PCMag that, for some reason, the LastPass employee never updated their client to apply the patch. Source all your plastics from India at PLEXCONNECT 2023, Indias first ever. Plex has revealed that the exploit in question took advantage of a vulnerability that was disclosed back on May 7, 2020.
0 Comments
Leave a Reply. |