CVE-2020-27020

EPSS 0.27%
Published 14.05.2021 11:15:07
Last modified 21.11.2024 05:20:41
Source vulnerability@kaspersky.com
Teams watchlist Login
Open Login

Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Kaspersky ≫ Password Manager SwPlatformwindows Version < 9.2

Kaspersky ≫ Password Manager SwPlatformiphone_os Version < 9.2.14.31

Kaspersky ≫ Password Manager SwPlatformandroid Version < 9.2.14.872

Kaspersky ≫ Password Manager Version9.2 Update- SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.499

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2020-27020

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27020

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27020

EUVD