Lucene search
K

4 matches found

NVD
NVD
added 2025/08/07 1:15 a.m.7 views

CVE-2025-54885

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

9.1CVSS0.0037EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/07 12:2 a.m.10 views

CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

9.1CVSS0.0037EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/07 12:2 a.m.3 views

CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

9.1CVSS6.5AI score0.0037EPSS
Exploits0References3
CVE
CVE
added 2025/08/07 12:2 a.m.20 views

CVE-2025-54885

Thinbus SRP client (thinbus-srp-npm) prior to version 2.0.1 has a protocol compliance bug that causes the client public value to be generated from a private value 4 bits below the RFC-specified length, leading to only 252 bits of entropy instead of the intended 2048-bit safe prime. This reduces t...

9.1CVSS6.6AI score0.0037EPSS
Exploits0References3
Rows per page
Query Builder