CVE-2025-54885: 
JavaScript vulnerability analysis and mitigation

CVE-2025-54885 affects Thinbus Javascript Secure Remote Password (thinbus-srp-npm), a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime (defaulted to 2048 bits). The vulnerability was discovered and disclosed on August 5, 2025, and has been fixed in version 2.0.1 (GitHub Advisory).

The vulnerability stems from a protocol compliance issue where the client public value is being generated from a private value that is 4 bits below the RFC 5054 specification minimum requirement of 256 bits. The bug occurs due to incorrect parameter passing in the randomA() function, where 'N' is passed as a constructor function instead of the actual BigInteger prime value. This results in the client generating only 252 bits of entropy while the server maintains the full 2048-bit security level (GitHub Issue). The vulnerability has been assigned a CVSS v4.0 score of 6.9 (Medium) with vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U (NVD).

The reduced entropy in client key generation significantly weakens the protocol's designed security margin, making it practically exploitable. While still providing some cryptographic security, the 252-bit entropy falls short of both the minimum 256-bit requirement specified in RFC 5054 and the intended 2048-bit security level matching the safe prime (GitHub Advisory).

The vulnerability has been fixed in version 2.0.1 of thinbus-srp-npm. For users unable to upgrade immediately, a workaround is available by modifying the code to use the correct parameter: change 'var hexLength = this.toHex(N).length' to 'var hexLength = this.toHex(this.N()).length' (GitHub Advisory).