11 matches found
CVE-2025-54885
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885
Thinbus SRP client (thinbus-srp-npm) prior to version 2.0.1 has a protocol compliance bug that causes the client public value to be generated from a private value 4 bits below the RFC-specified length, leading to only 252 bits of entropy instead of the intended 2048-bit safe prime. This reduces t...
Thinbus Javascript Secure Remote Password 安全特征问题漏洞
Thinbus Javascript Secure Remote Password is a secure remote password implementation from the individual developer Simon Massey. A security signature issue vulnerability exists in Thinbus Javascript Secure Remote Password version 2.0.0 and earlier, which stems from a protocol compliance issue...
GHSA-8Q6V-474H-WHGG The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended
Impact A protocol compliance bug in thinbus-srp-npm versions prior to 2.0.1 causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted to 2048 bits. RFC 5054 states in section 2.5.4 Client Key Exchange The client key exchange message...
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended
Impact A protocol compliance bug in thinbus-srp-npm versions prior to 2.0.1 causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted to 2048 bits. RFC 5054 states in section 2.5.4 Client Key Exchange The client key exchange message...
Insufficient Entropy
Overview thinbus-srp is a Secure Remote Password SRP SRP6a implementation. Affected versions of this package are vulnerable to Insufficient Entropy in the toHex function. An attacker can reduce the security margin of the protocol and potentially compromise session confidentiality by exploiting th...
PT-2025-32241 · Unknown · Thinbus-Srp-Npm
Name of the Vulnerable Software and Affected Versions: thinbus-srp-npm versions 2.0.0 and below Description: A protocol compliance bug exists in the Javascript Secure Remote Password implementation, specifically in the client's entropy generation. The client generates a fixed 252 bits of entropy...