Kaspersky's password manager was not secure at all and your passwords could have been cracked

A few days ago a major scandal broke online over a publication by Donjon (a security consultancy) describing various security problems in "Kaspersky Password Manager", especially in its password generator: it showed that every password the tool had generated could be cracked by a brute-force attack.

The security consultancy Donjon found that between March 2019 and October 2020, Kaspersky Password Manager generated passwords that could be cracked in seconds. The tool used a pseudo-random number generator that was singularly unsuited to cryptographic purposes.

The researchers found that the password generator had several problems, one of the most important being that the PRNG used only a single source of entropy. In short, the generated passwords were vulnerable and not secure at all.

“Two years ago, we reviewed Kaspersky Password Manager (KPM), a password manager developed by Kaspersky. Kaspersky Password Manager is a product that securely stores passwords and documents in a secure vault protected by a password. This vault is protected by a master password. So, as with other password managers, users need to remember a single password to use and manage all their passwords. The product is available for various operating systems (Windows, macOS, Android, iOS, Web…). Encrypted data can be synchronized automatically between all your devices, always protected by your master password.

“The main feature of KPM is password management. A key point about password managers is that, unlike humans, these tools are good at generating strong, random passwords. To generate strong passwords, Kaspersky Password Manager must rely on a strong password generation mechanism.”

The problem was assigned the identifier CVE-2020-27020. The caveat that "an attacker would need to know some additional information (for example, the time the password was generated)" applies, but the fact remains that Kaspersky's passwords were clearly less secure than people thought.

"The password generator included in Kaspersky Password Manager had several problems," the Donjon research team explained in a post on Tuesday. "The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. Any password it created could be brute-forced in seconds."

Donjon points out that Kaspersky's big mistake was using the system clock, in seconds, as the seed for a pseudo-random number generator.

"This means that every instance of Kaspersky Password Manager in the world will generate the same password in a given second," says Jean-Baptiste Bédrune. According to him, every password could fall victim to a brute-force attack. "For example, there are 315,619,200 seconds between 2010 and 2021, so KPM could generate at most 315,619,200 passwords for a given charset. Brute-forcing this list takes only a few minutes."
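The effect of a time-based seed, as an added example that is not Kaspersky's or Donjon's code: a toy generator seeds Python's Mersenne Twister with a Unix time in seconds, next to a version that draws from the OS CSPRNG. The charset, password length, function names and timestamps are assumptions made for the illustration; only the 315,619,200 figure comes from the article.

```python
import math
import random
import secrets
import string

CHARSET = string.ascii_letters + string.digits   # assumed charset, 62 symbols
LENGTH = 12                                       # assumed password length
KPM_SECONDS = 315_619_200                         # figure quoted in the article


def weak_password(seed_seconds: int) -> str:
    """Toy generator: Mersenne Twister seeded with a time in whole seconds."""
    rng = random.Random(seed_seconds)             # random.Random is MT19937
    return "".join(rng.choice(CHARSET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened form: every symbol is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(CHARSET) for _ in range(LENGTH))


def keyspace_bits(candidates: int) -> float:
    """Effective strength in bits when only `candidates` outputs are possible."""
    return math.log2(candidates)


def find_seed(password: str, start: int, end: int):
    """Audit check: was `password` produced by weak_password in [start, end)?"""
    for t in range(start, end):
        if weak_password(t) == password:
            return t
    return None


if __name__ == "__main__":
    t = 1_600_000_123                             # constructed sample timestamp
    print("two installs, same second:", weak_password(t), weak_password(t))
    print("time-seeded strength: %.1f bits" % keyspace_bits(KPM_SECONDS))
    print("CSPRNG strength:      %.1f bits"
          % keyspace_bits(len(CHARSET) ** LENGTH))
    # Knowing the creation time to within an hour leaves 3600 candidates.
    print("seed found:", find_seed(weak_password(t), t - 123, t - 123 + 3600))
```

The password looks random, but its strength is capped by the number of possible seeds (about 28 bits for the article's window) instead of the roughly 71 bits that 12 symbols from a 62-character set would otherwise carry.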

The researchers from Donjon conclude:

“Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords that are hard to crack for standard password crackers. However, such a method lowers the strength of the generated passwords compared with dedicated tools. We showed how to generate strong passwords using KeePass as an example: simple methods such as random draws are secure, as soon as you remove the "modulus bias" when picking a letter in a given character range.

“We also analyzed Kaspersky's PRNG and showed that it was very weak. Its internal structure, a Mersenne Twister from the Boost library, is not suited to generating cryptographic material. But the biggest flaw is that this PRNG was seeded with the current time, in seconds. This means that every password generated by vulnerable versions of KPM can be brute-forced in minutes (or in a second if you know approximately the generation time).”
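The "modulus bias" mentioned in the conclusion, as an added example that is neither KeePass's nor Kaspersky's code: reducing a random byte modulo a 62-symbol charset favours the first 8 symbols, and rejection sampling removes the skew. The charset, function names and default length are assumptions made for the illustration.

```python
import secrets
import string
from collections import Counter

CHARSET = string.ascii_letters + string.digits   # assumed charset, 62 symbols


def bias_table(n: int) -> Counter:
    """How many of the 256 byte values land on each index with `byte % n`."""
    return Counter(b % n for b in range(256))


def rejection_limit(n: int) -> int:
    """Largest multiple of n that fits in one byte (248 for n = 62)."""
    if not 1 <= n <= 256:
        raise ValueError("charset must have between 1 and 256 symbols")
    return 256 - (256 % n)


def accepted_table(n: int) -> Counter:
    """Same count, restricted to the bytes rejection sampling keeps."""
    return Counter(b % n for b in range(rejection_limit(n)))


def unbiased_index(n: int) -> int:
    """Draw CSPRNG bytes until one falls below the limit, then reduce it."""
    limit = rejection_limit(n)
    while True:
        b = secrets.token_bytes(1)[0]
        if b < limit:                 # bytes 248..255 would skew the result
            return b % n


def generate(length: int = 16) -> str:
    """Password whose symbols are uniformly distributed over CHARSET."""
    return "".join(CHARSET[unbiased_index(len(CHARSET))] for _ in range(length))


if __name__ == "__main__":
    naive = bias_table(len(CHARSET))
    print("naive:    index 0 ->", naive[0], "byte values, index 61 ->", naive[61])
    fixed = accepted_table(len(CHARSET))
    print("rejected: index 0 ->", fixed[0], "byte values, index 61 ->", fixed[61])
    print("sample password:", generate())
```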

Kaspersky was informed of the vulnerability in June 2019 and released a patched version in October of the same year. In October 2020, users were notified that some passwords would need to be regenerated, and Kaspersky published its security advisory on April 27, 2021:

“All public versions of Kaspersky Password Manager affected by this issue now have a new password generation logic and a password update alert for cases where a generated password may not be strong enough,” says the security company.

Source: https://donjon.ledger.com


2 comments

  1.   luix said

    Passwords are like locks: nothing is 100% secure, but the more complex they are, the more time and effort is required.

  2.   ArtEze said

    Very good, but anyone who cannot get access to your computer cannot even get to the master password. These days everyone has their own computer, unless a friend goes to someone's house and by chance finds that they have that program installed.

    They were lucky to have the program's source code so they could understand how the passwords are generated. Had it been a binary, it would first have had to be decompiled, which is hard, since not many people understand low-level language, or brute-forced directly without understanding how it works.