The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-06T14:05:45
Updated: 2024-08-04T00:05:51.647Z
Reserved: 2021-06-06T00:00:00
Link: CVE-2021-33880
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-06T15:15:07.407
Modified: 2024-11-21T06:09:42.373
Link: CVE-2021-33880
Redhat
No data.