‘All the passwords it created could be forced,’ French researchers apologize

The password generator function in Kaspersky Password Manager was insecure in various ways because the security provider did not follow well-understood cryptographic good practice, it has emerged.

Several deficiencies, tracked as CVE-2020-27020, were discovered in June 2019 but were only patched in October 2020.

Users were prompted to update to Kaspersky Password Manager 9.0.2 Patch M and regenerate passwords. That in itself did not solve the problem completely, because the mobile version of the software was still vulnerable until it too was addressed and an advisory was published in April 2021.

Dictionary attack

After giving users several weeks to update the software, security researcher Jean-Baptiste Bédrune of French security outfit Ledger Donjon has released a detailed technical description of the security flaws he discovered in the software.

Until it was updated, the pseudo-random number generator (PRNG) that came with Kaspersky Password Manager used the current time as its only entropy source.

As a result, each user who attempted to generate a password at the same time (to the second) was offered the same suggested password. It also meant that any password generated using the technology was vulnerable to a brute-force attack based on a dictionary of possible passwords.

“All the passwords it created can be reset in seconds,” according to Bédrune.

In answer to questions from The Daily Swig, Kaspersky admitted the problem but downplayed its severity, arguing that successful attacks relying on these vulnerabilities would be difficult in practice.

Kaspersky has solved a security issue in Kaspersky Password Manager, which potentially allowed an attacker to find out passwords generated by the tool. This problem was only possible in the unlikely event that the attacker knew the user’s account information and the exact time a password was generated. It would also require the target to lower the password complexity settings.
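The time-as-only-entropy design described in the article, next to a hardened form, as an added example that is not Kaspersky's code. `random.Random` seeded with the Unix second stands in for the flawed generator, and the alphabet, password length and date window are assumptions.

```python
import math
import random
import secrets
import string

# Assumed character set and window; neither comes from the product.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
WINDOW_START = 1262304000  # constructed: 2010-01-01 00:00:00 UTC
WINDOW_END = 1609459200    # constructed: 2021-01-01 00:00:00 UTC


def weak_generate(unix_seconds: int, length: int = 12) -> str:
    """Time-seeded generator: output depends only on the clock second."""
    rng = random.Random(unix_seconds)  # stand-in for the flawed PRNG
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_generate(length: int = 12) -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def time_seeded_bits(start: int, end: int) -> float:
    """Upper bound on entropy when the only secret is the generation second.

    One candidate password exists per second in the window, whatever the
    password length or character set.
    """
    return math.log2(end - start)


def csprng_bits(length: int = 12) -> float:
    """Entropy of a uniformly random password of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    ts = 1600000000  # constructed timestamp
    # Two users generating in the same second receive the same suggestion.
    print("same second, same password:", weak_generate(ts) == weak_generate(ts))
    print("time-seeded upper bound: %.1f bits"
          % time_seeded_bits(WINDOW_START, WINDOW_END))
    print("CSPRNG, 12 chars:        %.1f bits" % csprng_bits(12))
    print("hardened sample:", strong_generate())
```

Lengthening the password does not help the time-seeded form: its bound is set by the number of seconds in the window, which is why regenerating passwords after the update was required.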