Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced | SecurityWeek.Com
www.securityweek.com
A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds

The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.

The passwords appeared to have been created so as to prevent cracking from commonly used password crackers. The employed algorithm, however, allowed an attacker who knew that the passwords were generated using KPM to create the most probable passwords generated by the utility, Bédrune says.

  • @ajz
    42 years ago

    deleted by creator

    • @joojmachineOP
      13 years ago

      Oh it wasn’t mentioned in the article, all it had was “Kaspersky started releasing patches in 2019, but it only published an advisory in April 2021.”

      • @ajz
        22 years ago

        deleted by creator

  • @kevincox
    23 years ago

    The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.

    What? That isn’t the problem at all. The problem is that the password was basically an obfuscated version of the generation time with second resolution.

    This was also fixed a year ago, seems like a pretty shit article.