

A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims.

Developed by Russian security firm Kaspersky, the Kaspersky Password Manager (KPM) allows users not only to securely store passwords and documents, but also to generate passwords when needed.

All of the sensitive data stored in KPM’s vault is protected by a master password. The application is available for Windows, macOS, Android and iOS, and the sensitive data can also be accessed through the web.

The issue with the application, Ledger security researcher Jean-Baptiste Bédrune discovered roughly two years ago, was that its secure password generation mechanism was weak, allowing for created passwords to be brute-forced within seconds.

KPM was designed to generate 12-character passwords by default, but allows users to personalize their passwords by modifying settings in the KPM interface, such as password length, and the use of uppercase and lowercase letters, digits, and special characters.

The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.

The passwords appeared to have been created so as to prevent cracking from commonly used password crackers. The employed algorithm, however, allowed an attacker who knew that the passwords were generated using KPM to create the most probable passwords generated by the utility, Bédrune says.

“We can conclude that the generation algorithm in itself is not that bad: it will resist against standard tools. However, if an attacker knows a person uses KPM, he will be able to break his password much more easily than a fully random password,” the researcher says.

Tracked as CVE-2020-27020, the vulnerability is related to the use of a pseudorandom number generator (PRNG) that was not cryptographically secure.
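
As an added illustration (not from the original article and not Kaspersky's code), the Python sketch below contrasts a password generator driven by a seeded general-purpose PRNG with one that draws every character from the operating system's CSPRNG. The function names, the `seed` and `seed_bits` parameters and the special-character set are assumptions made for the example; the 12-character default and the four character classes follow the settings described above.

```python
import random
import secrets
import string

# Character classes matching the settings the article lists.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{}",  # constructed sample set, not KPM's
}

def _groups(classes):
    if not classes:
        raise ValueError("select at least one character class")
    return [CLASSES[name] for name in classes]

def weak_password(seed, length=12, classes=tuple(CLASSES)):
    """Illustrative weak generator (hypothetical, not KPM's algorithm)."""
    # random.Random is a Mersenne Twister: the output is fully
    # determined by the seed, so the same seed gives the same password.
    rng = random.Random(seed)
    pool = "".join(_groups(classes))
    return "".join(rng.choice(pool) for _ in range(length))

def strong_password(length=12, classes=tuple(CLASSES)):
    """Hardened generator: every choice comes from the OS CSPRNG."""
    groups = _groups(classes)
    if length < len(groups):
        raise ValueError("length too short to include every selected class")
    pool = "".join(groups)
    # One character from each selected class, the rest from the whole pool.
    chars = [secrets.choice(g) for g in groups]
    chars += [secrets.choice(pool) for _ in range(length - len(groups))]
    # CSPRNG shuffle so the guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def candidate_space(seed_bits, length=12, classes=tuple(CLASSES)):
    """Return (passwords reachable through the seed, full password space).

    seed_bits is an assumed amount of seed entropy; a seeded generator can
    never emit more distinct passwords than it has distinct seeds.
    """
    pool_size = sum(len(g) for g in _groups(classes))
    return 2 ** seed_bits, pool_size ** length
```

The first value returned by `candidate_space` is the quantity to audit in any generator: when it is far smaller than the second, password length and alphabet settings no longer determine strength.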
