Popular password managers are insecure

A group of researchers from University of California has analyzed five popular password managers based on web technologies. They searched for known vulnerabilities including Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS). They found out that all of five analyzed password managers suffered by some type of vulnerability while two were vulnerable to CSRF (LastPass and RoboForm) and one to both CSRF and XSS (NeedMyPassword).