CVE-2020-27020

CVE Database · CVE-2020-27020

CVE-2020-27020

· HIGHModified

CVSS v3.1

7.5

EPSS

0.74%

Published

May 14, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-326

Affected Products (4)

kaspersky · password_manager (up to 9.2)vulnerable

kaspersky · password_manager (up to 9.2.14.31)vulnerable

kaspersky · password_manager (up to 9.2.14.872)vulnerable

kaspersky · password_managervulnerable

References (2)

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421

Broken Link

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs