漏洞关键信息 漏洞名称 BRC-104 Authentication Signature Data Preparation Vulnerability 漏洞ID CVE-2025-69287 漏洞描述 Summary: A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potential authentication bypass scenarios. Vulnerable Code Locations: - lines 527-531 (signing) - lines 584-590 (verification) Root Cause: 1. Concatenating base64-encoded nonce strings: 2. Decoding the concatenated base64 string: 修复前实现 修复后实现 严重性 CVSS v3 base metrics: 5.4/10 CVSS: 3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 影响 Vulnerability Type: Cryptographic signature verification bypass Severity: Critical (CVSS 9.1 - Critical) 影响系统 TypeScript SDK clients attempting to authenticate with Go or Python SDK servers Any BRC-104 implementation relying on cross-SDK compatibility Mutual authentication protocols using the affected signature preparation 受影响应用 Applications using the TypeScript SDK for BRC-104 authentication Systems requiring cross-language/SDK authentication compatibility Any peer-to-peer authentication scenarios where TypeScript clients communicate with non-TypeScript servers 潜在攻击向量 Authentication bypass through signature verification failure Man-in-the-middle attacks if authentication is silently ignored Denial of service through failed authentication attempts 漏洞根本原因 The vulnerability occurs because base64 padding characters (=) act as early termination signals for base64 decoders. When concatenating base64 strings before decoding: 1. Individual nonces: Each 44-character base64 string decodes to 32 bytes 2. Concatenated string: 88-character string containing padding in the middle 3. Decoding result: Base64 decoder stops at the first = padding character, producing only 32 bytes instead of 64