Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.00265Percentile:
0.49799
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-326
: Inadequate Encryption Strength
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-192 : Protocol Analysis
CAPEC-20 : Encryption Brute Forcing
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:android:*:*
cpe:2.3:a:kaspersky:password_manager:9.2:-:*:*:*:windows:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me