The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T00:05:51.647Z
Reserved: 2021-06-06T00:00:00
Link: CVE-2021-33880

No data.

Status : Modified
Published: 2021-06-06T15:15:07.407
Modified: 2024-11-21T06:09:42.373
Link: CVE-2021-33880

No data.