Kaspersky Password Manager was generating incredibly easily cracked passwords
A need for security means that many people rely on password managers to store their ever-growing collection of login credentials. And when the time comes to create a new user account, many such tools offer a password generator to help with the creation of something ultra-secure.
Or at least that's the idea. Security consultancy Donjon found that between March 2019 and October 2020 Kaspersky Password Manager was generating passwords that could be cracked in seconds. The tool was using a pseudo-random number generator (PRNG) that was singularly unsuitable for cryptographic purposes.
- Microsoft issues emergency patches for critical PrintNightmare security flaw
- Microsoft urges PowerShell users to upgrade to protect against critical vulnerability
- Millions of Dell devices at risk due to SupportAssist security vulnerabilities
Donjon researchers found that the password generator included in Kaspersky Password Manager had several problems. Most significant is the fact that the PRNG used a single source of entropy -- the current time. This meant that "all the passwords it created could be bruteforced in seconds".
The issue was assigned CVE-2020-27020, where the old version of the password manager is described as being "not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases". While the caveat that "an attacker would need to know some additional information (for example, time of password generation)" is valid, the fact remains that Kaspersky passwords were significantly less secure than people were led to believe.
Researchers at Donjon concluded:
Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords hard to break for standard password crackers. However, such method lowers the strength of the generated passwords against dedicated tools. We showed how to generate secure passwords taking KeePass as an example: simple methods like random draws are secure, as soon as you get rid of the "modulo bias" while peeking a letter from a given range of chars.
We also studied the Kaspersky's PRNG, and showed it was very weak. Its internal structure, a Mersenne twister taken from the Boost library, is not suited to generate cryptographic material. But the major flaw is that this PRNG was seeded with the current time, in seconds. That means every password generated by vulnerable versions of KPM can be bruteforced in minutes (or in a second if you know approximately the generation time).
Finally, we provided a proof of concept that details the full generation method used by KPM. It can be used to verify the flaw is indeed present in Windows versions of Kaspersky Password Manager < 9.0.2 Patch F. Incidentally, writing this PoC allowed us to spot an out of bounds read during the computation of the frequency of appearance of password chars, which makes passwords a bit stronger that they should have been.
Kaspersky points out that the issue was addressed last year:
The discovery has shocked the security community. Mike Newman, CEO of My1Login, responded to the news by saying: "The main goal of a random password generator is to create passwords that are virtually impossible to crack, so to hear Kaspersky's random password generator could be brute forced due to design blunders is alarming".
Super computers are able to go through billions of attempts per second to brute force a password. The lack of randomness created by KPM's solution, along with the fact that if the creation time of an account is known, an attack can be made that much quicker, highlights the fact that even random password generators can't be relied upon to keep malicious actors away.
So what is the takeaway from this? In short, if you are using Kaspersky Password Manager, you need to make sure that it is completely up-to-date to ensure that your passwords are not going to be crackable. Make sure that you are running at least Kaspersky Password Manager for Windows 9.0.2 Patch F, Kaspersky Password Manager for Android 126.96.36.1992, or Kaspersky Password Manager for iOS 188.8.131.52, and you should be safe.
Full details of the researchers' finding are available here.