Password managers are смотреть фильмы про порнографиюa vital line of defense in the battle for internet security — which makes it all the more painful when they shit the bed.
The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password. Unfortunately, according to security researcher Jean-Baptiste Bédrune, a bad coding decision meant that the passwords it generated weren't truly random and as a result were relatively easy to brute force — a hacking technique using specialized tools to try hundreds of thousands (or millions) of password combinations in an attempt to guess the right one.
Bédrune, who is a security researcher for the cryptocurrency hard-wallet company Ledger, writes that when generating a supposedly random password, KPM used the current time as its "single source of entropy."
While that sounds super technical, it essentially boils down to KPM using the time as the basis for its pseudo random number generator. Knowing when the password was generated, even approximately, would therefore give a hacker vital information in an attempt to crack a victim's account.
"All the passwords it created could be bruteforced in seconds," writes Bédrune.
Bédrune's team submitted the vulnerability to Kaspersky through HackerOne's bug bounty program in June of 2019, and Ledger's blog post says Kaspersky notified potentially affected users in October of 2020.
When reached for comment, Kaspersky confirmed — but downplayed — the problem identified by Bédrune.
"This issue was only possible in the unlikely event that the attacker knew the user's account information and the exact time a password had been generated," wrote a company spokesperson. "It would also require the target to lower their password complexity settings."
Kaspersky also published a security advisory detailing the flaw in April of 2021.
"Password generator was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases," read the alert. "An attacker would need to know some additional information (for example, time of password generation)."
That alert also noted that, going forward, the password manager had fixed the issue — a claim echoed by the spokesperson.
"The company has issued a fix to the product and has incorporated a mechanism that notifies users if a specific password generated by the tool could be vulnerable and needs changing."
SEE ALSO: Why you need a secret phone number (and how to get one)
So what does this mean for the average KPM user? Well, if they've been using the same KPM-generated passwords for over two years (a habit that would typically be fine), they should create new ones.
Other than that? Keep using a password manager and enable two-factor authentication.
Topics Cybersecurity
Imperial set up clash with 00NATION after win over ORDER
Tesla's Full Self Driving mode is about to get more expensive, again
Trump's already figured out how to game Facebook's election ads ban
Waymo's self
LTroots Halloween Party
Huawei Mate 40 Pro: Powerful new 5G chip, 90Hz display, still no Google services
Waymo's self
How to stream the final presidential debate
ECSTATIC lock in spot at IEM Rio Europe RMR
Uber and Lyft drivers are employees, California appeals court affirms
Musical Shows 'What It Is to Be a JA'
Everything coming to Disney+ in November 2020
Report: Tesla reduces used
Republicans vote to subpoena Facebook, Twitter CEOs in the wake of Hunter Biden story
Rare Atom secure ESL Pro League Season 17 spot through Conference Asia
After coronavirus shutdown, self
Trump appointee claims Trump is the real victim of bizarre emails targeting Democrats
Mozilla tells Facebook and Twitter to 'unfck the internet' before the U.S. election
‘LOL to Save Lives’ at Comedy Store
Report: Tesla reduces used
Study ties cellphone radiation to brain, heart tumors in male ratsNow you can chat with a bot on Facebook to plan your next vacationThe Mountain pulls a 17Unabomber emerges on Twitter after 20 years to speak to the media'Game of Thrones' fandom weeps over the end of SummerKia's giant hamsters are back, and this time they're culturally sensitiveSubway ad heartbreakingly warns riders not to HodorThom Yorke did a lot of scolding at the latest Radiohead concertTeacher's Facebook experiment on how to go viral... goes viralAtlanta airport tests conveyor belt system that could speed up security Google's Gemini AI is coming to Honor's future smartphones 'The Garfield Movie' review: A heist flick with daddy issues 'Doctor Who' and Ruby Sunday: Everything we know Evans vs. Rune 2024 livestream: Watch French Open for free Microsoft outage affects Bing, Copilot, DuckDuckGo, and ChatGPT Best Memorial Day sales and deals 2024 Amazon deals of the day: Apple iPad, Samsung Galaxy Buds 2, Amazon 50 Wordle today: The answer and hints for May 25 Google's AI Overviews are getting ads soon Best monitor deals: Get discounted Samsung monitors at Amazon
0.2597s , 7990.0234375 kb
Copyright © 2025 Powered by 【смотреть фильмы про порнографию】A popular password manager screwed up, but there's an easy fix,Global Hot Topic Analysis
