Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "13C5F5C1-31EF-4FC4-BC8B-C2DCA3151503", "versionEndExcluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "8A93A31B-A011-4F9C-B5E4-D191C868F04E", "versionEndExcluding": "9.2.14.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:android:*:*", "matchCriteriaId": "520B67EE-04F3-4AAB-B5F0-7C2C74EE3D28", "versionEndExcluding": "9.2.14.872", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:password_manager:9.2:-:*:*:*:windows:*:*", "matchCriteriaId": "1CD4A2A2-0DEE-4D14-870A-87C9E817E2DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."}, {"lang": "es", "value": "La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptogr\u00e1fico, y en algunos casos potencialmente permit\u00eda a un atacante predecir las contrase\u00f1as generadas. Un atacante necesitar\u00eda conocer informaci\u00f3n adicional (por ejemplo, el momento de la generaci\u00f3n de la contrase\u00f1a)"}], "id": "CVE-2020-27020", "lastModified": "2024-11-21T05:20:41.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T11:15:07.333", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Broken Link"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
MITRE
Vulnrichment
NVD
Redhat