CVE-2022-48195 Information

Description

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
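Added illustration, not code from mellium.im/sasl: a Go sketch of both sides of the point above. The client draws its nonce from crypto/rand regardless of which channel-binding flag the gs2 header carries, and the server parses the client-first-message and rejects a missing, empty or short nonce instead of continuing the exchange. The nonce size and the minimum accepted length are assumed values.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Both sizes are assumptions for this example; RFC 5802 fixes neither.
const nonceEntropyBytes = 18 // random bytes per nonce (24 base64 characters)
const minNonceLen = 16       // shortest r= value the server will accept

// clientFirst builds a SCRAM client-first-message (RFC 5802 section 7).
// gs2Header is "n,," (no channel binding), "y,," (client supports it, server
// did not advertise it) or "p=<cb-name>,," (channel binding in use). The
// nonce is drawn from crypto/rand on every path, whatever the header says.
func clientFirst(gs2Header, user string) (string, error) {
	b := make([]byte, nonceEntropyBytes)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	// base64 output never contains a comma, so it is safe as an attribute value.
	return gs2Header + "n=" + user + ",r=" + base64.StdEncoding.EncodeToString(b), nil
}

// checkClientFirst is the server-side check: parse the client-first-message
// and refuse to continue when the client nonce is missing, empty or too short.
func checkClientFirst(msg string) (string, error) {
	parts := strings.SplitN(msg, ",", 3) // cbind-flag "," [authzid] "," attributes
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed gs2 header in %q", msg)
	}
	nonce := ""
	for _, attr := range strings.Split(parts[2], ",") {
		if strings.HasPrefix(attr, "r=") {
			nonce = attr[2:]
		}
	}
	if len(nonce) < minNonceLen {
		return "", fmt.Errorf("client nonce too short: %d < %d", len(nonce), minNonceLen)
	}
	return nonce, nil
}

func main() {
	msg, _ := clientFirst("p=tls-unique,,", "user")
	_, err := checkClientFirst("p=tls-unique,,n=user,r=") // the empty-nonce shape
	fmt.Println(msg, "| empty nonce rejected:", err != nil)
}
```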

Reference

https://mellium.im/cve/cve-2022-48195/
