Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced
2021-07-07 14:37

A vulnerability in the Kaspersky Password Manager made the passwords it generated weak enough for an attacker to brute-force them in seconds, a security researcher claims.

Developed by Russian security firm Kaspersky, the Kaspersky Password Manager allows users not only to securely store passwords and documents, but also to generate passwords when needed.

The employed algorithm allowed an attacker who knew that the passwords were generated using KPM to create the most probable passwords generated by the utility, Bédrune says.

What the researcher discovered was that the application would use the system time as the seed to generate every password, meaning that "Every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second."

"All public versions of Kaspersky Password Manager liable to this issue now have a new logic of password generation and a passwords update alert for cases when a generated password is probably not strong enough."

Users are advised to update to Kaspersky Password Manager for Windows 9.0.2 Patch F, Kaspersky Password Manager for Android 9.2.14.872, and Kaspersky Password Manager for iOS 9.2.14.31 as soon as possible.
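
The time-seeding flaw described above, shown as an added example (this is not Kaspersky's code or the researcher's): a toy generator seeded only with the clock second, a CSPRNG-based replacement, and an audit check in the spirit of the update alert. The alphabet, length, function names and sample timestamp are assumptions made for illustration.

```python
import random
import secrets
import string
from datetime import datetime, timezone

ALPHABET = string.ascii_letters + string.digits  # assumed charset, not KPM's
LENGTH = 12                                      # assumed password length
# Constructed sample clock value (the article's timestamp, read as UTC).
SAMPLE_SECOND = int(datetime(2021, 7, 7, 14, 37, tzinfo=timezone.utc).timestamp())


def weak_generate(unix_second: int) -> str:
    """Toy generator whose only entropy is the clock, in whole seconds."""
    rng = random.Random(unix_second)  # same second -> same PRNG state
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def candidate_count(start: datetime, end: datetime) -> int:
    """Distinct passwords the weak generator can emit in [start, end):
    one per second, regardless of alphabet size or length."""
    return int((end - start).total_seconds())


def flag_if_time_seeded(password: str, start: int, end: int):
    """Audit check for a stored password: return the seed second if the
    password is reproducible from a clock value in [start, end), else None."""
    for second in range(start, end):
        if weak_generate(second) == password:
            return second
    return None


if __name__ == "__main__":
    # Two independent "instances" asked at the same second agree exactly.
    print(weak_generate(SAMPLE_SECOND), weak_generate(SAMPLE_SECOND))
    decade = candidate_count(datetime(2010, 1, 1, tzinfo=timezone.utc),
                             datetime(2021, 1, 1, tzinfo=timezone.utc))
    print("time-seeded candidates, 2010-2020:", decade)
    print("CSPRNG candidates:", len(ALPHABET) ** LENGTH)
    stored = weak_generate(SAMPLE_SECOND)
    window = (SAMPLE_SECOND - 3600, SAMPLE_SECOND + 3600)
    print("weak flagged at:", flag_if_time_seeded(stored, *window))
    print("strong flagged at:", flag_if_time_seeded(strong_generate(), *window))
```

Any password the check flags should be rotated and regenerated with the CSPRNG-based routine.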


News URL

http://feedproxy.google.com/~r/securityweek/~3/fYpT8Bmoj_E/kaspersky-password-manager-generated-passwords-could-quickly-be-brute-forced

Related vendor

Vulnerabilities, last 12 months:

VENDOR    | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Kaspersky | 27         | 9   | 40     | 5    | 5        | 59