Impact
The Go module in the Tillitis TKey Client package contains a buffer index error that silently discards any User Supplied Secret (USS) whose hash starts with 0x00. The client treats such a USS as if none were supplied, producing the same Compound Device Identifier (CDI) and identical key material as when no USS is provided. Consequently, 1 out of every 256 intended USS values is effectively ignored, leading to a collision in key generation. The flaw is a protocol implementation error (CWE-303) that undermines the uniqueness of cryptographic keys and can allow an attacker to force duplicate keys, potentially exposing data encrypted with those keys.
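The following added example is not the project's code. It models how an indexing error of this kind makes a digest with a leading 0x00 indistinguishable from "no USS", and doubles as a regression check for the corrected write. The frame layout, the function names, the device secret and the use of SHA-256 in the receiver model are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Hypothetical frame layout, for illustration only (not TKey's wire format):
// byte 0 is the "USS present" flag, bytes 1..32 carry the USS digest.
const flagIdx, digestIdx, frameLen = 0, 1, 33

// buildFrame sets the flag, then copies the digest to offset off. Passing
// flagIdx models the indexing mistake (digest[0] overwrites the flag);
// passing digestIdx is the corrected write.
func buildFrame(digest [32]byte, off int) []byte {
	f := make([]byte, frameLen)
	f[flagIdx] = 1
	copy(f[off:], digest[:])
	return f
}

// deriveKey models a receiver that mixes the digest into the key only when
// the flag is set. The device secret is a constructed sample value.
func deriveKey(frame []byte) [32]byte {
	in := []byte("constructed-device-secret")
	if frame[flagIdx] != 0 {
		in = append(in, frame[digestIdx:]...)
	}
	return sha256.Sum256(in)
}

// ignoredCount returns how many of the 256 possible leading digest bytes
// yield the same key as a frame that carries no USS at all.
func ignoredCount(off int) int {
	noUSS := deriveKey(make([]byte, frameLen))
	n := 0
	for b := 0; b < 256; b++ {
		d := [32]byte{0: byte(b), 1: 0xAA, 31: 0x55} // constructed digest
		if deriveKey(buildFrame(d, off)) == noUSS {
			n++
		}
	}
	return n
}

func main() { fmt.Println("buggy:", ignoredCount(flagIdx), "fixed:", ignoredCount(digestIdx)) }
```

With the wrong offset exactly one leading byte value (0x00) collapses to the no-USS key, which matches the 1-in-256 figure above; with the corrected offset none do.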
Affected Systems
All instances of the TKey Client Go package at version 1.2.0 and below are affected. The issue was detected in source code commit 4954dccf0287657edf8d405057e134cdff9c59e8 and is addressed in release v1.3.0, which replaces the faulty buffer handling logic. Users running any earlier release should therefore consider their installations vulnerable.
Risk and Exploitability
The CVSS score is 4.7, indicating moderate severity. The EPSS score indicates an exploitation probability of 7e-05 (0.007%) and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known active exploitation. The attack vector is implicit: an attacker who can supply a USS whose hash digest begins with 0x00 can trigger the collision. Since the flaw exists entirely on the client side, exploitation requires control over the USS rather than network access, leading to a moderate but non-zero risk of key duplication and potential data compromise.