Vulnerability in the Kaspersky Password Manager

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords:

The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds. This article explains how to securely generate passwords, why Kaspersky Password Manager failed, and how to exploit this flaw. It also provides a proof of concept to test if your version is vulnerable.

The product has been updated and its newest versions aren’t affected by this issue.

Stupid programming mistake, or intentional backdoor? We don’t know.

More generally: generating random numbers is hard. I also recommend my own password manager: Password Safe.

EDITED TO ADD: Commentary from Matthew Green.

Tags: Password Safe, passwords, random numbers, vulnerabilities

Applying Hanlon’s razor (“never attribute to malice that which is adequately explained by stupidity”), I would rule out a backdoor, as identical passwords would be generated for different users. A properly implemented backdoor wouldn’t be as obvious and weak as this one.
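The flaw described above, as an added example that is not from the original post or from Kaspersky's code: a toy generator whose only entropy is the whole-second clock, beside a corrected one that draws from the OS CSPRNG, plus an audit check for passwords that can be regenerated from a timestamp. Python's `random` module as the stand-in PRNG, the 62-character alphabet, the function names and the sample timestamp are assumptions made for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed character set
SECONDS_PER_YEAR = 365 * 24 * 3600


def weak_password(now: int, length: int = 12) -> str:
    """Flawed pattern: non-cryptographic PRNG seeded only with the clock."""
    rng = random.Random(now)  # the timestamp is the single source of entropy
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 12) -> str:
    """Corrected pattern: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def reproducible_from_clock(password: str, start: int, end: int):
    """Audit check: return the second in [start, end] that regenerates
    `password` via weak_password(), or None if no second in the window does."""
    for ts in range(start, end + 1):
        if weak_password(ts, len(password)) == password:
            return ts
    return None


def search_space_bits(window_seconds: int, length: int = 12):
    """(bits of uncertainty for the clock-seeded generator over the window,
    bits for a uniformly random password of the same length)."""
    return math.log2(window_seconds), length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    t0 = 1_625_000_000  # constructed sample timestamp
    # Two users generating in the same second get the same password.
    print(weak_password(t0), weak_password(t0))
    # The weak password is recoverable from a one-hour window of timestamps.
    print(reproducible_from_clock(weak_password(t0 + 1234), t0, t0 + 3600))
    # A CSPRNG password is not tied to any timestamp.
    print(reproducible_from_clock(strong_password(), t0, t0 + 3600))
    weak_bits, strong_bits = search_space_bits(SECONDS_PER_YEAR)
    print(f"one year of seeds: {weak_bits:.1f} bits vs {strong_bits:.1f} bits")
```

The bit counts show why the length of a clock-seeded password is irrelevant: the candidate set is bounded by the number of seconds in the window, not by the alphabet and length.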