Kaspersky Password Manager Had Two Serious Security Issues, Research Found


Password managers allow users to store their ever-growing number of login credentials. Many password managers can also act as a password generator.

Kaspersky Password Manager is one of the many available choices. The tool also has a random password generator, which is certainly a good thing. However, researchers have discovered that the password generator had two significant and fatal flaws.

Both stemmed from the way it generated passwords.

The flaws, present in passwords generated by the tool up to October 2019, meant that attackers might need to try as few as 100 passwords in a brute-force attack.

Put another way, passwords generated by Kaspersky Password Manager could be cracked in minutes, if not mere seconds.

From a security perspective, that is really bad.

This happened for two reasons.

First, Kaspersky Password Manager used the current time in seconds as the seed for its Mersenne Twister pseudo-random number generator (PRNG).

“It means every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second,” wrote Ledger Donjon head of security research Jean-Baptiste Bédrune in a blog post.

Bédrune said that the tool's password-generation animation, which takes longer than a second, may explain why the issue was not discovered earlier.

“The consequences are obviously bad: every password could be bruteforced,” he said.

“For example, there are 315619200 seconds between 2010 and 2021, so KPM could generate at most 315619200 passwords for a given charset. Bruteforcing them takes a few minutes.”

Second, Kaspersky Password Manager generated passwords using letter groupings rarely found in words, such as qz or zr.

The issue here is that, if attackers know a target used Kaspersky Password Manager, they can defeat the tool by restricting a brute-force attack to these unusual combinations.

Image: Kaspersky Password Manager (credit: Ledger Donjon)
Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords hard to break for standard password crackers. However, such a method lowers the strength of the generated passwords against dedicated tools. We showed how to generate secure passwords taking KeePass as an example: simple methods like random draws are secure, as soon as you get rid of the "modulo bias" while picking a letter from a given range of chars.

We also studied Kaspersky's PRNG, and showed it was very weak. Its internal structure, a Mersenne twister taken from the Boost library, is not suited to generate cryptographic material. But the major flaw is that this PRNG was seeded with the current time, in seconds. That means every password generated by vulnerable versions of KPM can be bruteforced in minutes (or in a second if you know approximately the generation time).

Finally, we provided a proof of concept that details the full generation method used by KPM. It can be used to verify the flaw is indeed present in Windows versions of Kaspersky Password Manager < 9.0.2 Patch F. Incidentally, writing this PoC allowed us to spot an out-of-bounds read during the computation of the frequency of appearance of password chars, which makes passwords a bit stronger than they should have been.
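As an added illustration (constructed for this article, not the Ledger Donjon proof of concept and not KPM's real generation routine), the snippet below contrasts a Mersenne Twister seeded with the time in whole seconds, as described above, with a generator that draws each character from the OS CSPRNG without modulo bias. The audit function shows why knowing the approximate generation time reduces the candidate space to the width of the time window; the alphabet, lengths and timestamp are assumptions.

```python
import random
import secrets
import string

# Constructed, simplified generators for illustration only; neither is
# Kaspersky Password Manager's real algorithm nor Ledger Donjon's PoC.
ALPHABET = string.ascii_letters + string.digits


def weak_generate(length: int, seed_seconds: int) -> str:
    """Mersenne Twister (MT19937, which Python's random also uses) seeded
    with the generation time in whole seconds, the pattern the vulnerable
    versions used. The output is a pure function of the seed second."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def unbiased_index(n: int) -> int:
    """Pick an index in [0, n) from the OS CSPRNG without modulo bias:
    draw k random bits and reject values >= n instead of reducing mod n."""
    k = (n - 1).bit_length()
    while True:
        r = secrets.randbits(k)
        if r < n:
            return r


def strong_generate(length: int) -> str:
    """Secure alternative: each character drawn uniformly from the OS CSPRNG
    (the role BCryptGenRandom plays in the fixed Windows build)."""
    return "".join(ALPHABET[unbiased_index(len(ALPHABET))] for _ in range(length))


def seed_is_recoverable(password: str, window_start: int, window_end: int):
    """Audit check for a time-seeded generator: if re-running it over every
    second of an assumed generation window reproduces the password, the
    candidate space was only window_end - window_start values.
    Returns the matching seed second, or None."""
    for sec in range(window_start, window_end):
        if weak_generate(len(password), sec) == password:
            return sec
    return None


if __name__ == "__main__":
    t = 1_561_939_200                       # constructed Unix timestamp
    pw = weak_generate(16, t)
    print(pw == weak_generate(16, t))                          # True: same second, same password
    print(seed_is_recoverable(pw, t - 1800, t + 1800) == t)    # True: an hour-wide window suffices
    print(strong_generate(16) != strong_generate(16))          # True: CSPRNG output is not replayable
```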

Kaspersky Password Manager versions prior to 9.0.2 Patch F on Windows, 9.2.14.872 on Android, or 9.2.14.31 on iOS were affected. Kaspersky fixed the issues by replacing the Mersenne Twister with the BCryptGenRandom function in its Windows version, the research team said.

Kaspersky was informed of the vulnerability in June 2019 and released the fixed version in October that same year. In October 2020, Kaspersky notified users that some of their passwords might need to be regenerated, and it published its security advisory on 27 April 2021.


Published: 08/07/2021