Kaspersky Password Manager's random password generator was about as random as your wall clock
Last year, Kaspersky Password Manager users got an alert telling them to update their weaker passwords.
Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well - the software used a pseudo-random number generator that was insufficiently random to create strong passwords.
I was going to laugh off this Kaspersky password manager bug, but it is *amazing*.
"The password generator included in Kaspersky Password Manager had several problems," the Donjon research team explained in a blog post on Tuesday.
KPM's interface includes a one-second animation of rapidly shifting random characters that obscures the moment the actual password gets generated.
"Kaspersky has fixed a security issue in Kaspersky Password Manager, which potentially allowed an attacker to find out passwords generated by the tool," a company spokesperson said in an email to The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/06/kaspersky_password_manager/