Counterpane Password Safe Insecure Random Number Generation Vulnerability

Counterpane Password Safe Insecure Random Number Generation Vulnerability

Counterpane Password Safe generates random numbers in an insecure way. This issue allows for easier brute-force decryption attacks. The application fails to properly use a cryptographically secure algorithm for generating random numbers.

This vulnerability allows attackers with access to the Password Safe database to employ a brute-force password-guessing attack against the database much more efficiently than the application's design intended. The data contained in the Password Safe database aids malicious users in further attacks.

This issue occurs only when Password Safe 3.0 is running on operating systems earlier than Microsoft Windows XP.