Kaspersky Password Manager was not secure at all and your passwords could be cracked

A few days ago a publication by Donjon (a security consultancy) caused a big stir online. It discussed various security issues in "Kaspersky Password Manager", above all in its password generator, and showed that every password it generated could be cracked by a brute-force attack.

The security consultancy Donjon found that between March 2019 and October 2020, Kaspersky Password Manager generated passwords that could be cracked in seconds. The tool used a pseudo-random number generator that was not suitable for cryptographic purposes.

The researchers found that the password generator had several problems, the most important being that the PRNG used only a single source of entropy. In short, the passwords it generated were weak and offered no real protection.

“Two years ago, we examined Kaspersky Password Manager (KPM), a password manager developed by Kaspersky. Kaspersky Password Manager is a product that securely stores passwords and documents in an encrypted vault. This vault is protected by a master password. So, as with other password managers, users have to remember a single password to manage all their passwords. The product is available for various operating systems (Windows, macOS, Android, iOS, Web…). The encrypted data can be synchronized between all your devices, always protected by your password.

“A feature of KPM is password management. One key point about password managers is that, unlike humans, these tools are good at generating strong, random passwords. To generate strong passwords, Kaspersky Password Manager has to rely on a mechanism for producing strong passwords.”

The problem was assigned the identifier CVE-2020-27020. The caveat that "an attacker would need to know some additional information (for example, the time the password was generated)" is valid, but the fact is that Kaspersky's passwords were clearly less secure than people thought.

"The password generator included in Kaspersky Password Manager had several problems," the Donjon research team explained in a post on Tuesday. "The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. Every password it created could be cracked in a short time."

Donjon pointed out that Kaspersky's big mistake was using the system clock, in seconds, as the seed for a pseudo-random number generator.

Jean-Baptiste Bédrune said, "This means that every instance of Kaspersky Password Manager in the world will generate exactly the same password at a given second." According to him, "any password could be the target of a brute-force attack." "For example, there are 315,619,200 seconds between 2010 and 2021, so KPM could generate at most 315,619,200 passwords for a given character set. Brute-forcing this list takes only a few minutes."

The Donjon researchers concluded:

“Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords that are hard to crack for standard password crackers. However, such a method lowers the strength of the generated passwords against dedicated tools. We showed how to generate strong passwords using KeePass as an example: simple methods like random draws are secure, as soon as you get rid of the "modulus bias" when picking a letter from a given range of characters.

“We also studied Kaspersky's PRNG and showed that it was weak. Its internal structure, a Mersenne Twister taken from the Boost library, is not suited to generating cryptographic material. But the major flaw is that this PRNG was seeded with the current time, in seconds. That means every password generated by vulnerable versions of KPM can be brute-forced in minutes (or in a second if you know the generation time).”
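The two points in the conclusion above, a generator seeded with the current second and the "modulus bias" in character selection, shown side by side with a hardened form in Python. This is an added example, not code from the article, Donjon or Kaspersky: `weak_password` is a toy generator and not KPM's algorithm, and the 72-character `CHARSET` and the sample timestamps are constructed for illustration.

```python
import math
import random
import secrets
import string

# Constructed 72-character set (assumption; not KPM's real charset).
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()"
SECONDS_2010_2021 = 315_619_200  # figure quoted in the article


def weak_password(epoch_seconds: int, length: int = 12) -> str:
    """Toy time-seeded generator: CPython's random is a Mersenne Twister,
    so the whole password is a pure function of the seed second."""
    rng = random.Random(epoch_seconds)
    return "".join(CHARSET[rng.randrange(len(CHARSET))] for _ in range(length))


def effective_bits(length: int = 12) -> tuple[float, float]:
    """(bits actually available, bits the charset/length suggests)."""
    charset_bits = length * math.log2(len(CHARSET))
    seed_bits = math.log2(SECONDS_2010_2021)  # one candidate per second
    return min(charset_bits, seed_bits), charset_bits


def modulus_bias_counts(n: int) -> tuple[int, int]:
    """Byte values landing on the most / least favoured index with byte % n."""
    counts = [0] * n
    for b in range(256):
        counts[b % n] += 1
    return max(counts), min(counts)


def unbiased_index(n: int) -> int:
    """Uniform index in [0, n), n <= 256: draw CSPRNG bytes and reject the
    tail that would otherwise favour the low indices."""
    limit = 256 - (256 % n)
    while True:
        b = secrets.token_bytes(1)[0]
        if b < limit:
            return b % n


def strong_password(length: int = 12) -> str:
    """Hardened form: OS CSPRNG plus rejection sampling, no time seed."""
    return "".join(CHARSET[unbiased_index(len(CHARSET))] for _ in range(length))
```

With this charset a 12-character password looks like about 74 bits, but the time seed caps it at about 28 bits, and a plain `byte % 72` would pick the first 40 characters 4 times for every 3 picks of the rest.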

Kaspersky was informed of the problem in June 2019 and released a patched version in October of the same year. In October 2020, users were notified that some passwords would need to be regenerated, and Kaspersky published its security advisory on April 27, 2021:

“All public versions of Kaspersky Password Manager affected by this issue now have new password generation logic and a password update alert for cases where a generated password is not strong,” the security company says.

Source: https://donjon.ledger.com



2 comments


  1.   Uzoigwe said

    Passwords are like padlocks: none is 100% secure, but the more complex it is, the more time and effort is needed.

  2.   ArtEze said

    Very good, but someone who does not have their computer cannot access their teacher. Nowadays everyone has their own computer, unless a friend goes to their house and happens to find that they have the program installed.

    They were lucky to have the program's source code so they could understand how the passwords are generated. If it were a binary, it would first have to be decompiled, which is hard, since not many people understand bit-level language, or else done by brute force without understanding how it works.