All the sensitive data stored in the encrypted vault is protected with a master password.
The product is available for several platforms: Windows, macOS, Android, iOS and Web.
By default, KPM generates 12-character passwords with an extended charset.
The vulnerability, tracked as CVE-2020-27020, was discovered by the security research team at Ledger Donjon.
The password generator included in Kaspersky Password Manager (KPM) had several problems.
Its single source of entropy was the current time.
All the passwords it created could be bruteforced in seconds.
The consequences are obviously bad: every password could be bruteforced.
Bruteforcing them takes a few minutes, he added.
Moreover, passwords from leaked databases containing hashed passwords, passwords for encrypted archives, TrueCrypt/VeraCrypt volumes, etc. can also be easily retrieved if they were generated using KPM.
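To make the flaw concrete, here is an added example (not Kaspersky's or Ledger Donjon's code): a simplified stand-in generator whose only input is the clock, next to one backed by the operating system's CSPRNG, with the resulting entropy measured. The charset, the one-second seed granularity and all function names are assumptions made for illustration.

```python
import math
import random
import secrets
import string

# Constructed charset for the example; the real product's charset is not on this page.
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
LENGTH = 12  # default length stated in the article


def weak_generate(epoch_seconds: int) -> str:
    """Deliberately weak: the clock (whole seconds, an assumption) is the only input."""
    rng = random.Random(epoch_seconds)  # deterministic PRNG, fully fixed by the seed
    return "".join(rng.choice(CHARSET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(CHARSET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have, judged by length and charset alone."""
    return LENGTH * math.log2(len(CHARSET))


def effective_bits(window_seconds: int) -> float:
    """Upper bound on real entropy when the seed is some second in a known window."""
    return math.log2(window_seconds)


def distinct_outputs(start: int, window_seconds: int) -> int:
    """Count the different passwords the weak generator can emit in a time window."""
    return len({weak_generate(t) for t in range(start, start + window_seconds)})


if __name__ == "__main__":
    t0 = 1_600_000_000  # constructed timestamp
    print("same second, same password:", weak_generate(t0) == weak_generate(t0))
    print("nominal bits:", round(nominal_bits(), 1))
    print("bits if creation hour is known:", round(effective_bits(3600), 1))
    print("bits if creation year is known:", round(effective_bits(365 * 24 * 3600), 1))
    print("distinct passwords in one hour:", distinct_outputs(t0, 3600))
    print("CSPRNG sample:", strong_generate())
```

The password looks like it carries about 75 bits, but the weak generator can never produce more distinct values than there are seconds in the window, which is under 25 bits for a whole year.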
In October 2020, users were notified that some passwords would need to be regenerated.
The password generator was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases.
It would also require the target to lower their password complexity parameters.
Kaspersky recommends that users check the app version and install the latest updates.
source: www.techworm.net