CVE-2020-27020

Published: May 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).

Affected (4)

Products: Kaspersky: Password Manager

Kaspersky

1 product

Password Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Kaspersky Password Manager	Before 9.2.14.872
Kaspersky Password Manager	Before 9.2.14.31
Kaspersky Password Manager	Before 9.2
Kaspersky Password Manager	Version 9.2

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421

Source: vulnerability@kaspersky.com

Broken Link

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.