Password managers are a vital line of defense in the battle for internet security — which makes it all the more painful when they shit the bed.
The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password. Unfortunately, according to security researcher Jean-Baptiste Bédrune, a bad coding decision meant that the passwords it generated weren't truly random and as a result were relatively easy to brute force — a hacking technique using specialized tools to try hundreds of thousands (or millions) of password combinations in an attempt to guess the right one.
Bédrune, who is a security researcher for the cryptocurrency hard-wallet company Ledger, writes that when generating a supposedly random password, KPM used the current time as its "single source of entropy."
While that sounds super technical, it essentially boils down to KPM using the time as the seed for its pseudorandom number generator. Knowing when the password was generated, even approximately, would therefore give a hacker vital information in an attempt to crack a victim's account.
"All the passwords it created could be bruteforced in seconds," writes Bédrune.
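To make the point concrete, here is an added example (not Kaspersky's code, and not Bédrune's) of what "the current time as the single source of entropy" does to a generator, next to the hardened form a defender would want. The `weak_password` function is a constructed toy that seeds Python's `random` module with a timestamp; the `distinct_outputs` check shows that however long the password is, the number of different passwords such a generator can produce over a window of time is bounded by the number of seconds in that window, which is what collapses the search space. `strong_password` draws from the OS cryptographic RNG via the `secrets` module instead.

```python
import random
import secrets
import string

# Constructed character set for the toy example (letters and digits).
ALPHABET = string.ascii_letters + string.digits


def weak_password(seed_seconds: int, length: int = 12) -> str:
    """Toy generator that uses only a timestamp as its seed (the anti-pattern
    described above). Same second in, same password out."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 12) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def theoretical_space(length: int = 12) -> int:
    """Number of passwords a genuinely random generator could produce."""
    return len(ALPHABET) ** length


def distinct_outputs(start_seconds: int, window_seconds: int, length: int = 12) -> int:
    """Defender's check: count the different passwords the weak generator can
    emit for timestamps in [start, start + window). Never exceeds the window size,
    regardless of password length."""
    return len({weak_password(t, length) for t in range(start_seconds, start_seconds + window_seconds)})


if __name__ == "__main__":
    # Constructed timestamp (2020-09-13 12:26:40 UTC) for a reproducible demo.
    t0 = 1_600_000_000
    print("same second, same output:", weak_password(t0) == weak_password(t0))
    print("weak outputs over one hour:", distinct_outputs(t0, 3600))
    print("random generator's space  :", theoretical_space())
    print("CSPRNG password           :", strong_password())
```

The useful number is the gap between the last two lines: an hour of timestamps yields at most 3600 candidate passwords, while a 12-character alphanumeric password drawn from a real CSPRNG has 62^12 possibilities. That ratio, not the password length, is what the advisory's phrase "not completely cryptographically strong" is about.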
Bédrune's team submitted the vulnerability to Kaspersky through HackerOne's bug bounty program in June of 2019, and Ledger's blog post says Kaspersky notified potentially affected users in October of 2020.
When reached for comment, Kaspersky confirmed — but downplayed — the problem identified by Bédrune.
"This issue was only possible in the unlikely event that the attacker knew the user's account information and the exact time a password had been generated," wrote a company spokesperson. "It would also require the target to lower their password complexity settings."
Kaspersky also published a security advisory detailing the flaw in April of 2021.
"Password generator was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases," read the alert. "An attacker would need to know some additional information (for example, time of password generation)."
That alert also noted that, going forward, the password manager had fixed the issue — a claim echoed by the spokesperson.
"The company has issued a fix to the product and has incorporated a mechanism that notifies users if a specific password generated by the tool could be vulnerable and needs changing."
So what does this mean for the average KPM user? Well, if they've been using the same KPM-generated passwords for over two years (a habit that would typically be fine), they should create new ones.
Other than that? Keep using a password manager and enable two-factor authentication.