Password managers are eroticism of the 70sa vital line of defense in the battle for internet security — which makes it all the more painful when they shit the bed.
The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password. Unfortunately, according to security researcher Jean-Baptiste Bédrune, a bad coding decision meant that the passwords it generated weren't truly random and as a result were relatively easy to brute force — a hacking technique using specialized tools to try hundreds of thousands (or millions) of password combinations in an attempt to guess the right one.
Bédrune, who is a security researcher for the cryptocurrency hard-wallet company Ledger, writes that when generating a supposedly random password, KPM used the current time as its "single source of entropy."
While that sounds super technical, it essentially boils down to KPM using the time as the basis for its pseudo random number generator. Knowing when the password was generated, even approximately, would therefore give a hacker vital information in an attempt to crack a victim's account.
"All the passwords it created could be bruteforced in seconds," writes Bédrune.
Bédrune's team submitted the vulnerability to Kaspersky through HackerOne's bug bounty program in June of 2019, and Ledger's blog post says Kaspersky notified potentially affected users in October of 2020.
When reached for comment, Kaspersky confirmed — but downplayed — the problem identified by Bédrune.
"This issue was only possible in the unlikely event that the attacker knew the user's account information and the exact time a password had been generated," wrote a company spokesperson. "It would also require the target to lower their password complexity settings."
Kaspersky also published a security advisory detailing the flaw in April of 2021.
"Password generator was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases," read the alert. "An attacker would need to know some additional information (for example, time of password generation)."
That alert also noted that, going forward, the password manager had fixed the issue — a claim echoed by the spokesperson.
"The company has issued a fix to the product and has incorporated a mechanism that notifies users if a specific password generated by the tool could be vulnerable and needs changing."
SEE ALSO: Why you need a secret phone number (and how to get one)
So what does this mean for the average KPM user? Well, if they've been using the same KPM-generated passwords for over two years (a habit that would typically be fine), they should create new ones.
Other than that? Keep using a password manager and enable two-factor authentication.
Topics Cybersecurity
Applications Now Available for Kizuna's Leadership Program
Japan Expresses Condolences on Passing of Queen Elizabeth
Japan Expresses Condolences on Passing of Queen Elizabeth
Black Ops 6 & Warzone Got Your Six event start date & rewards
Jeffrey Ozawa: Not Just a Cook
Centenary UMC Celebrates 125 Years of Ministry with Girls’ Clubs, Boys Y Clubs, MYF Reunion
Korean War Tribute at Tanaka Farms Rescheduled
Chol Soo Lee’s Story Told in New Documentary
Not Your Ordinary Summer Camp
Buffed Warzone Assault Rifle is perfect AMAX replacement
JANM to Recognize Hirono, Herzig Yoshinaga at Gala Dinner
Go For Broke, AAJA
Best Black Ops 6 audio settings to hear enemy footsteps
EWP Back on Target With ‘Assassins’ Delayed Opening Set for Feb. 17
Greater L.A. JACL Presents Four Scholarships
Suprising Warzone SMG kills faster than meta guns after buff
Orange County Hate Crimes Report Shows Increase in Hate Activity
Venue Change for 'Made in J
Minoru Yasui Day March for Justice in Portland
Legislators Commemorate 21st Anniversary of 9/11
Twitch streamer gives a young gamer the most heartwarming pep talk after losing'MiddlePrince Harry and Meghan Markle want people to donate to charity rather than sending wedding giftsPolice sketch of a burglary suspect goes horribly wrong'If you can't handle me at my worst' has evolved into a bigger, better memeTiffany Haddish says she witnessed an actress bite Beyoncé's faceFlamengo vs. Esperance de Tunis 2025 livestream: Watch Club World Cup for freeDonald Trump throws away his notes, calling them 'boring'People think Sean Spicer wore the bunny costume at the White House Egg RollBlake Lively is trolling Ryan Reynolds once again on Instagram Google foundation announces AI accelerator program for nonprofits iPhone 16: This rumored design change could mean more screen real estate NCSU vs. Purdue basketball livestreams: How to watch live Wordle today: The answer and hints for April 8 JBL Quantum launches?Guide Play, which allows people with low vision to play first NYT's The Mini crossword answers for April 6 Don’t like your DALL Amazon deals of the day: Tile trackers, Samsung Galaxy S24 Ultra, Google Pixel Watch, and more Max subscription deal: Get up to 42% off when you prepay for the year Get an Anker Prime Power Bank portable charger for $89.98 at Amazon
0.1582s , 10022.953125 kb
Copyright © 2025 Powered by 【eroticism of the 70s】A popular password manager screwed up, but there's an easy fix,Global Perspective Monitoring
