Vulnerability Details : CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
Products affected by CVE-2020-27020
- cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:android:*:*
- cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:kaspersky:password_manager:9.2:-:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-27020
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-27020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-27020
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-27020
-
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421
List of AdvisoriesBroken Link
Jump to