Password managers are a vital line of defense in the battle for internet security — which makes it all the more painful when they shit the bed.
The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password. Unfortunately, according to security researcher Jean-Baptiste Bédrune, a bad coding decision meant that the passwords it generated weren't truly random and as a result were relatively easy to brute force — a hacking technique using specialized tools to try hundreds of thousands (or millions) of password combinations in an attempt to guess the right one.
Bédrune, who is a security researcher for the cryptocurrency hard-wallet company Ledger, writes that when generating a supposedly random password, KPM used the current time as its "single source of entropy."
While that sounds super technical, it essentially boils down to KPM using the time as the seed for its pseudorandom number generator. Knowing when the password was generated, even approximately, would therefore give a hacker vital information in an attempt to crack a victim's account.
"All the passwords it created could be bruteforced in seconds," writes Bédrune.
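An added illustration of the weakness described above, not Kaspersky's or Ledger's code: a simplified model in which the generator's only seed is the Unix time in seconds, next to a version that draws from the operating system's CSPRNG, plus an audit check that tests whether a password can be regenerated from a clock value. The alphabet, length, use of Python's `random` module and the timestamp are assumptions made for the demonstration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol policy
LENGTH = 12                                      # assumed password length


def weak_password(unix_seconds: int) -> str:
    """Model of the flaw: the clock is the generator's only seed."""
    rng = random.Random(unix_seconds)  # Mersenne Twister, not a CSPRNG
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def reproducible_from_clock(password: str, start: int, end: int):
    """Audit check: the second in [start, end) that regenerates `password`, else None."""
    for t in range(start, end):
        if weak_password(t) == password:
            return t
    return None


def search_space_bits(window_seconds: int) -> tuple:
    """(bits of uncertainty with a clock seed, bits the password policy promises)."""
    return math.log2(window_seconds), LENGTH * math.log2(len(ALPHABET))


if __name__ == "__main__":
    created_at = 1_560_000_000                       # constructed timestamp, not from the page
    window = (created_at - 1800, created_at + 1800)  # creation time known to within an hour
    pw = weak_password(created_at)
    print("clock-seeded password:", pw)
    print("recovered seed:", reproducible_from_clock(pw, *window))
    print("CSPRNG password reproducible:",
          reproducible_from_clock(strong_password(), *window))
    print("bits (clock seed vs policy): %.1f vs %.1f" % search_space_bits(3600))
```

With the creation time known to within an hour, the clock-seeded password carries under 12 bits of uncertainty, while the same 12-character policy backed by a CSPRNG carries about 71.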
Bédrune's team submitted the vulnerability to Kaspersky through HackerOne's bug bounty program in June of 2019, and Ledger's blog post says Kaspersky notified potentially affected users in October of 2020.
When reached for comment, Kaspersky confirmed — but downplayed — the problem identified by Bédrune.
"This issue was only possible in the unlikely event that the attacker knew the user's account information and the exact time a password had been generated," wrote a company spokesperson. "It would also require the target to lower their password complexity settings."
Kaspersky also published a security advisory detailing the flaw in April of 2021.
"Password generator was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases," read the alert. "An attacker would need to know some additional information (for example, time of password generation)."
That alert also noted that the issue had been fixed in the password manager, a claim echoed by the spokesperson.
"The company has issued a fix to the product and has incorporated a mechanism that notifies users if a specific password generated by the tool could be vulnerable and needs changing."
So what does this mean for the average KPM user? Well, if they've been using the same KPM-generated passwords for over two years (a habit that would typically be fine), they should create new ones.
Other than that? Keep using a password manager and enable two-factor authentication.