4 matches found
CVE-2025-54885
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885
Thinbus SRP client (thinbus-srp-npm) prior to version 2.0.1 has a protocol compliance bug that causes the client public value to be generated from a private value 4 bits below the RFC-specified length, leading to only 252 bits of entropy instead of the intended 2048-bit safe prime. This reduces t...