VYPR

npm package

thinbus-srp

pkg:npm/thinbus-srp

Vulnerabilities (1)

  • CVE-2025-54885MedAug 7, 2025
    affected < 2.0.1fixed 2.0.1

    Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe