RoboForm Password Regeneration

RoboForm is a password generation and management tool first released in 2000 and continuously updated since. It stores and generates passwords, autofills forms, and manages passwords across multiple devices.

Early versions of RoboForm contain a weakness in their password generation routine that allows any password generated in the past to be regenerated. While RoboForm's passwords appear to be random, they are actually deterministic, derived from the system time at the moment of generation.

Our proof-of-concept code allows the generation of passwords from any prior date range en masse. It wraps around the specific password generator function within RoboForm's DLL (bypassing the GUI altogether), configures the system time, passes the required configuration/parameters, and displays the resulting generated passwords.

This problem has been fixed as of RoboForm's 7.9.14 release on June 10, 2015. It is recommended that all users of RoboForm regenerate any passwords still in use which were created before that date.
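
The class of weakness described above, as an added example that is neither RoboForm's code nor the proof-of-concept from this page: a simplified model in which the generator is seeded only from the clock, next to a replacement that draws from the OS CSPRNG, with the entropy each one actually provides. The one-second seed granularity, the 62-character alphabet, and all function names are assumptions made for illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timezone

# Assumed password policy for the illustration: letters and digits, 62 symbols.
ALPHABET = string.ascii_letters + string.digits


def weak_password(ts: int, length: int = 16) -> str:
    """Simplified model of the flaw: the clock is the only seed material."""
    rng = random.Random(ts)  # assumed seed: Unix time in whole seconds
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 16) -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = 16) -> float:
    """Entropy the password appears to have, judged by length and alphabet."""
    return length * math.log2(len(ALPHABET))


def effective_bits(start: datetime, end: datetime) -> float:
    """Upper bound on real entropy when the seed is a second in [start, end)."""
    seconds = int((end - start).total_seconds())
    return math.log2(seconds)


if __name__ == "__main__":
    ts = 1400000000  # constructed sample timestamp
    # Same second in, same password out: the output carries no more
    # entropy than the timestamp that produced it.
    print(weak_password(ts), weak_password(ts))
    year_start = datetime(2014, 1, 1, tzinfo=timezone.utc)
    year_end = datetime(2015, 1, 1, tzinfo=timezone.utc)
    print(f"nominal:   {nominal_bits():.1f} bits")
    print(f"effective: {effective_bits(year_start, year_end):.1f} bits")
    print(strong_password())
```

Password strength meters score only length and character set, so they report the nominal figure for both generators; the difference shows up only when the seed source is reviewed.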

Additional Resources: