Every password created could be easily bruteforced. So, someone trying to hack a user's account need only know when the account was created and if the Kaspersky Password Manager was used. "Our recommendation is, however, to generate random passwords long enough to be too strong to be broken by a tool." "If an attacker knows a person uses KPM, he will be able to break his password much more easily than a fully random password," said Ledger Donjon's head security researcher. According to the research, it meant every instance of Kaspersky in the world would generate the same password at a given second. ZDNet shared research performed by Ledger Donjon explaining the issue behind using this kind of logic to generate a password. However, rather than use several layers of logic to develop a strong password, Kaspersky was using only the current time to determine a generated password. Password generators are not always entirely random since there is potential for weak passwords in entirely random sequences. The issue was assigned CVE-2020-27020 and Kaspersky published an advisory in April, 2021.Kaspersky Password Manager made easy to crack passwords prior to October 2019 And in October 2020, Kaspersky released KPM 9.0.2 Patch M, which included a notification to users that certain weak passwords need to be regenerated.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |