As people and enterprises put their trust in password managers to secure their accounts, even well-built password managers can be fatally flawed. That's according to a security researcher at Ledger, who claims that older versions of a commercially available password manager by Kaspersky are far from secure.

Ledger's Jean-Baptiste Bédrune recently posted a blog explaining how Kaspersky Password Manager (KPM) has had many problems, the most critical of which is its inability to properly secure generated passwords.

According to Bédrune, KPM is a password manager that stores automatically generated passwords and documents in a vault. These are protected by a master password that the user needs to remember. However, KPM's automatic password generation is flawed and it can actually be bruteforced 'in seconds'. The weakness lies in the CVE-2020-27020 vulnerability, which has now been patched. However, it took two years for Kaspersky to do anything about it, according to Bédrune.

Bédrune details how KPM uses an inbuilt password generator that relies on policies including password length, uppercase letters, lowercase letters, digits, and a custom set of special characters. While KPM uses a password generation method that could be difficult for standard password crackers to break, it has a major weakness: password crackers that know a password has been created by KPM can easily use what's called a Markov generator to crack passwords.

My1Login CEO Mike Newman comments, “Supercomputers are able to go through billions of attempts per second to brute force a password. That could mean that passwords could be bruteforced in minutes or seconds.
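
Why a cracker that models the generator gains an advantage, as an added example that is not from the original post or from Kaspersky's code: it builds a password from the policy options listed above using uniform selection from the OS CSPRNG, then compares the estimated entropy with that of a skewed character distribution. The skew weights, the special-character set and the guess rate are constructed assumptions, not KPM's actual values.

```python
import math
import secrets
import string

def build_charset(upper=True, lower=True, digits=True, specials="!@#$%^&*"):
    """Assemble the alphabet from the policy options the article lists."""
    parts = [
        string.ascii_uppercase if upper else "",
        string.ascii_lowercase if lower else "",
        string.digits if digits else "",
        specials,  # custom special characters (constructed default)
    ]
    charset = "".join(dict.fromkeys("".join(parts)))  # dedupe, keep order
    if not charset:
        raise ValueError("policy selects no characters")
    return charset

def generate(length, charset):
    """Draw every character uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(charset) for _ in range(length))

def entropy_bits(length, weights):
    """Shannon entropy of `length` independent draws with the given weights.

    This is what an order-0 Markov model of the generator has to search,
    as an estimate of the effective keyspace in bits.
    """
    total = sum(weights.values())
    per_char = -sum((w / total) * math.log2(w / total)
                    for w in weights.values() if w > 0)
    return length * per_char

def seconds_to_exhaust(bits, guesses_per_second):
    """Time to enumerate 2**bits candidates at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second

def compare(length=12, favoured_weight=8):
    """Uniform selection versus a constructed skew favouring half the alphabet."""
    charset = build_charset()
    uniform = {c: 1 for c in charset}
    skewed = {c: (favoured_weight if i % 2 else 1) for i, c in enumerate(charset)}
    return entropy_bits(length, uniform), entropy_bits(length, skewed)

if __name__ == "__main__":
    u, s = compare()
    print("sample password:", generate(12, build_charset()))
    print(f"uniform: {u:.1f} bits, skewed: {s:.1f} bits")
    print(f"skewed space at 1e9 guesses/s: {seconds_to_exhaust(s, 1e9):.3g} s")
```

Any departure from uniform selection lowers the entropy figure, which is the gap a generator-aware model exploits while a generic cracker sees none of it.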