Last year, Kaspersky Password Manager (KPM) users got an alert telling them to update their weaker passwords. Now we've found out why that happened.
In March 2019, security biz Kaspersky Lab shipped an update to KPM, promising that the application could identify weak passwords and generate strong replacements. Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well – the software used a pseudo-random number generator (PRNG) that was insufficiently random to create strong passwords.
From that time until the last few months of 2020, KPM was suggesting passwords that could be easily cracked, without flagging the weak passwords for users.
I was going to laugh off this Kaspersky password manager bug, but it is *amazing*. In the sense that I’ve never seen so many broken things in one simple piece of code. https://t.co/OYn7pJUm7z – Matthew Green (@matthew_d_green) July 6, 2021
"The password generator included in Kaspersky Password Manager had several problems," the Donjon research team explained in a blog post on Tuesday.
"The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds."
Using the current system time as the random seed value, Donjon explains, means that every KPM installation anywhere in the world generates the same password at any given second. But KPM's interface includes a one-second animation of rapidly shifting random characters that obscures the moment the actual password gets generated. This made the problem harder to spot.
Nonetheless, the lack of randomness meant that for any given password character set, the possible passwords created over time are limited enough that they can be brute-forced in a few minutes. And if the creation time of an account is known – something commonly displayed in online forums, according to Donjon – that range of possibilities becomes much smaller and reduces the time required for brute-force attacks to a matter of seconds.
"The consequences are obviously bad: every password could be bruteforced," the Donjon team wrote. "For example, there are 315619200 seconds between 2010 and 2021, so KPM could generate at most 315619200 passwords for a given charset. Bruteforcing them takes a few minutes."
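To make the mechanism concrete, here is an added illustration, not KPM's own code (which the article does not reproduce): a stand-in generator whose only seed is the wall-clock second, the CSPRNG-backed form that removes the flaw, and an audit check of the kind a later "regenerate this password" alert needs. The charset, length and time window are constructed, and Python's Mersenne Twister is assumed as a stand-in for whatever PRNG KPM actually used.

```python
import random
import secrets
import string
from datetime import datetime, timezone

# Constructed settings; KPM's real charset, length and algorithm are not given above.
CHARSET = string.ascii_letters + string.digits
LENGTH = 12
# Constructed one-minute audit window (2019-06-01 00:00 to 00:01 UTC).
WINDOW_START = datetime(2019, 6, 1, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 6, 1, 0, 1, tzinfo=timezone.utc)


def weak_password(seed_seconds: int, length: int = LENGTH, charset: str = CHARSET) -> str:
    """Stand-in for the flaw: a deterministic PRNG (Mersenne Twister, assumed) whose
    only entropy is the wall-clock second. Every caller in the same second, anywhere,
    gets the same password, and the output depends on nothing else."""
    rng = random.Random(seed_seconds)  # seeded, non-cryptographic generator
    return "".join(rng.choice(charset) for _ in range(length))


def strong_password(length: int = LENGTH, charset: str = CHARSET) -> str:
    """Hardened form: the OS CSPRNG via secrets, so there is no seed to guess."""
    return "".join(secrets.choice(charset) for _ in range(length))


def candidate_space(start: datetime, end: datetime) -> int:
    """Distinct outputs the weak generator can produce in a window: one per second,
    whatever the length or charset, which is why long passwords did not help."""
    return int((end - start).total_seconds())


def flag_time_derived(password: str, start: datetime, end: datetime) -> bool:
    """Audit check of the kind a 'regenerate this password' alert needs: True if the
    password is the weak generator's output for some second in [start, end)."""
    first = int(start.timestamp())
    return any(weak_password(s, len(password)) == password
               for s in range(first, first + candidate_space(start, end)))


if __name__ == "__main__":
    t = int(WINDOW_START.timestamp())
    print(weak_password(t) == weak_password(t))        # True: same second, same password
    print(candidate_space(datetime(2010, 1, 1, tzinfo=timezone.utc),
                          datetime(2021, 1, 1, tzinfo=timezone.utc)))  # seconds in the window
    print(flag_time_derived(weak_password(t + 30), WINDOW_START, WINDOW_END))  # True
    print(flag_time_derived(strong_password(), WINDOW_START, WINDOW_END))      # False
```

The audit loop is linear in the window size, which is the whole point of the article's arithmetic: a generator whose output space is a count of seconds rather than a count of character combinations is enumerable no matter how long the password is.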
A series of fixes – because the initial Windows patch didn't work properly – were rolled out to the web, Windows, Android, and iOS between October and December 2019. And in October 2020, Kaspersky released KPM 9.0.2 Patch M, which included a notification to users that certain weak passwords need to be regenerated.
The issue was assigned CVE-2020-27020 and Kaspersky published an advisory in April 2021.
"Kaspersky has fixed a security issue in Kaspersky Password Manager, which potentially allowed an attacker to find out passwords generated by the tool," a company spokesperson said in an email to The Register.
"This issue was only possible in the unlikely event that the attacker knew the user’s account information and the exact time a password had been generated. It would also require the target to lower their password complexity settings."
The company's spokesperson advised that all users install the applicable updates. ®