Kaspersky Password Manager has been creating easy-to-guess passwords

It is enough to make you feel scammed. You buy software to keep your files encrypted and safe, and it turns out that for a while the passwords generated by that application were very easy to guess.

If you are using Kaspersky Password Manager to encrypt your files, check the passwords it created and change them, because they can be easy for a slightly clever hacker to guess. As I said, it is enough to make you feel ripped off, without a doubt.

If you have been using Kaspersky Password Manager (KPM) on your Mac for a while, you may need to generate some new passwords. A security researcher has discovered two flaws that could mean a hacker would only have to test 100 passwords to find one of yours generated with KPM. What a mess, Mr. Kaspersky.

ZDNet has published a report explaining that the flawed passwords are those generated by KPM until October 2019. The big mistake KPM made was using the current system time in seconds as the seed for its pseudo-random number generator.

This means that every computer in the world with Kaspersky Password Manager installed will generate exactly the same password in a given second. For example, there are 315619200 seconds between 2010 and 2021, so KPM could generate a maximum of 315619200 passwords for a given character set. A brute-force attack would take only a few minutes to crack the password.

The report notes that because websites often show the account creation time, KPM users would be left vulnerable to a brute-force attack of around 100 possible passwords.
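The weakness described above, as an added example (not Kaspersky's code and not taken from the report): a stand-in generator seeded only with the clock in seconds, next to one that draws from the operating system's CSPRNG, plus an audit check for passwords that can be reproduced from a timestamp. The alphabet, password length, function names and the sample timestamp are assumptions, and Python's `random.Random` stands in for the vulnerable generator.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed character set (62 symbols)
SECONDS_2010_2021 = 315619200                    # figure quoted in the article
CREATED_AT = 1546300800                          # constructed sample timestamp


def weak_password(epoch_seconds, length=12):
    """Stand-in for a generator whose only entropy is the clock, in seconds."""
    rng = random.Random(epoch_seconds)  # output is fully determined by the seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=12):
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def candidates(start, end, length=12):
    """Every password the weak generator can emit for seeds in [start, end)."""
    return {weak_password(t, length) for t in range(start, end)}


def is_time_derived(password, created_at, slack=50):
    """Audit check: is the password reproducible from a second near created_at?"""
    window = candidates(created_at - slack, created_at + slack, len(password))
    return password in window


def entropy_bits(keyspace):
    """Effective strength of a secret chosen from `keyspace` possibilities."""
    return math.log2(keyspace)


if __name__ == "__main__":
    # Two "machines" asking in the same second get the same password.
    print(weak_password(CREATED_AT) == weak_password(CREATED_AT))
    # About 28 bits for the whole 2010-2021 range vs about 71 bits intended.
    print(round(entropy_bits(SECONDS_2010_2021), 1),
          round(entropy_bits(len(ALPHABET) ** 12), 1))
    print(is_time_derived(weak_password(CREATED_AT + 7), CREATED_AT))
    print(is_time_derived(strong_password(), CREATED_AT))
```

The default `slack` of 50 seconds on either side of the creation time gives the 100 candidates the report mentions; a password from `strong_password` does not fall in that set.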

Kaspersky has acknowledged the problems and has publicly confirmed that a new password generation system is now in place. It has also advised that, for security, anyone who was using KPM before October 2019 should change all passwords generated by the application.
