Publication Citation: CVE-2020-27020
Researcher Names: Jean-Baptiste Bédrune
Link: https://donjon.ledger.com/kaspersky-password-manager/
Kaspersky’s Password Manager used the Mersenne Twister pseudorandom number generator. Seeded from the current time. In seconds. For more than a year after the researcher disclosed it to them. Reducing the password entropy space to the second the password was generated. This is well within the range of off-line brute forcing, and with a good oracle of approximately when the account was created, could even be used in online password guessing attacks. This was a neat cryptographic footgun on Kaspersky’s part, but was obfuscated by the use of a proprietary password generation algorithm the researcher unraveled. As a bonus, the researcher managed to showcase a rare situation where an out-of-bounds memory read plays the otherwise missing role of entropy source and somehow became a security benefit. Actual pwnage results may vary, some charset and timeframe guessing may still apply.