LastPass API Token
Service Name: LastPass
Service Description: LastPass is a password management service that stores encrypted passwords online. It offers features for secure password storage, generation, and sharing across devices and teams.
Service Address: https://www.lastpass.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the enterprise account level through LastPass Enterprise policies.
Secret Access Scope: Grants programmatic access to LastPass Enterprise API, allowing management of users, groups, and organizational policies.
Secret Revokement URL: https://admin.lastpass.com/admin/#/enterprise/administration/api
Secret Example: e5c1f76c-9b7d-4d8a-b193-04661a55c9ea
Suspicious Activity Investigation Instructions:
- Review LastPass admin console for unauthorized API calls or changes
- Check LastPass event logs for unusual access patterns or locations
- Monitor for unexpected user account changes, policy modifications, or data exports
- Verify if any unauthorized sharing centers or groups were created
- Examine API call history for suspicious operations like mass password exports
Mitigation Instructions:
- Log in to the LastPass Enterprise Admin Console
-
Navigate to Advanced > API
-
Locate the compromised API token and click "Delete"
- Generate a new API token if needed
- Review and update IP restrictions for API access if applicable
- Consider implementing additional security measures like IP allowlisting
- Audit user permissions and access rights across the organization
- Enable additional security controls like multi-factor authentication for admin
accounts