A server could generate a session, issuing a challenge B. An attacker could then keep password guessing with the same A, firing repeated M1 proofs at that one challenge. To protect against this, the thinbus server object should refuse to run either step1 or step2 more than once. That forces an attacker to fetch a new challenge for every password guess, at the expense of another round trip to the server.
Issue #3 resolved
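The one-shot guard described above, as an added example rather than thinbus's own code: a server-side SRP-6a session object whose `step1` (issue B) and `step2` (check M1) each refuse to run a second time, so a second guess against the same B is rejected before any verification happens. The group parameters, the `H` encoding, the class and function names, and the sample salt and passwords are all constructed for this example; the group is a toy safe prime that is far too small to be secure.

```python
import hashlib
import hmac
import secrets

# Toy SRP-6a group, constructed for this example only: N is a safe prime
# (N = 2*509 + 1) small enough to read and therefore useless for real
# security. Real deployments use the RFC 5054 groups.
N = 1019
g = 2


def H(*parts):
    """Hash a sequence of integers into one integer (SHA-256 over a
    delimiter-separated decimal encoding; an assumed convention)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(str(p).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


k = H(N, g)  # SRP-6a multiplier


class SessionReused(Exception):
    """Raised when step1 or step2 is invoked on a session a second time."""


class SrpServerSession:
    """Server-side session that issues exactly one challenge B and
    checks exactly one client proof M1, whatever the outcome."""

    def __init__(self, verifier):
        self.v = verifier
        self.b = None
        self.B = None
        self._step1_done = False
        self._step2_done = False

    def step1(self):
        # One challenge per session object.
        if self._step1_done:
            raise SessionReused("step1 already run on this session")
        self._step1_done = True
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.B

    def step2(self, A, M1):
        if not self._step1_done:
            raise RuntimeError("step2 called before step1")
        if self._step2_done:
            raise SessionReused("step2 already run on this session")
        # Consume the session before verifying, so a failed guess (or an
        # exception below) also burns the challenge: the next guess must
        # start over with a new round trip to obtain a fresh B.
        self._step2_done = True
        if A % N == 0:
            raise ValueError("invalid client public value A")
        u = H(A, self.B)
        S = pow(A * pow(self.v, u, N), self.b, N)
        expected = H(A, self.B, S)
        return hmac.compare_digest(str(expected).encode(), str(M1).encode())


def make_verifier(salt, password):
    """Registration: v = g^x mod N with x = H(salt, password)."""
    x = H(salt, int.from_bytes(password.encode(), "big"))
    return pow(g, x, N)


def client_proof(salt, password, B):
    """Client side: pick a, compute A and the proof M1 for challenge B."""
    x = H(salt, int.from_bytes(password.encode(), "big"))
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    u = H(A, B)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return A, H(A, B, S)
```

Marking the session consumed at the top of `step2`, before the proof is compared, is the point: a caller who sends a wrong M1 and then a second M1 for the same A and B gets `SessionReused`, not a second comparison, so every further guess costs a fresh `step1`.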