Kaspersky Password Manager caught out generating easily brute-forced passwords.


The password generator feature in Kaspersky Password Manager was insecure in various ways because the security vendor failed to follow well-understood cryptographic best practices, it has emerged.

The multiple flaws – tracked as CVE-2020-27020 – were discovered in June 2019 but were only patched in October 2020. Users were told to update to Kaspersky Password Manager 9.0.2 Patch M and re-generate passwords. That update alone did not completely fix the issue, because the mobile version of the software remained vulnerable until it too was addressed and an advisory was published in April 2021.

