thinbus-srp@2.0.0 vulnerabilities

Secure Remote Password SRP SRP6a implementation.

  • latest version

    2.0.2

  • latest non vulnerable version

  • first published

    7 years ago

  • latest version published

    20 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the thinbus-srp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Insufficient Entropy

    thinbus-srp is a Secure Remote Password SRP SRP6a implementation.

    Affected versions of this package are vulnerable to Insufficient Entropy in the toHex function. An attacker can reduce the security margin of the protocol and potentially compromise session confidentiality by exploiting the predictable bit length of the generated value.

    How to fix Insufficient Entropy?

    Upgrade thinbus-srp to version 2.0.1 or higher.

    Vulnerable version: <2.0.1