Up until it was updated, the Pseudo Random Number Generation bundled with Kaspersky Password Manager used the current time as its single source of entropy.Īs a result, every user who attempted to generate a password at the same time (in seconds) was offered the same suggested password. Dictionary attackĪfter allowing several weeks for users to update their software, security researcher Jean-Baptiste Bédrune of French security outfit Ledger Donjon has gone public with a detailed technical write-up of the security flaws he discovered in the software. That in itself didn’t completely fix the issue because the mobile version of the software was still vulnerable until that too was addressed and an advisory published in April 2021. Users were told to update to Kaspersky Password Manager 9.0.2 Patch M and re-generate passwords. The multiple flaws – tracked as CVE-2020-27020 – were discovered in June 2019 but were only patched in October 2020. The password generator feature in Kaspersky Password Manager was insecure in various ways because the security vendor failed to follow well understood cryptographic best practices, it has emerged. ![]() ![]() ‘All the passwords it created could be bruteforced,’ bemoan French researchers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |