Description
Observable Timing Discrepancy in aaugustin websockets library
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-33880
- https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
- https://github.com/aaugustin/websockets
- https://github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Packages
websockets: affected versions < 9.1, fixed in 9.1
EPSS
CVSS4: 8.2 High
CVSS3: 5.9 Medium
CVE ID
Weaknesses
Related vulnerabilities
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
The aaugustin websockets library before 9.1 for Python has an Observab ...
A vulnerability in the aaugustin websockets communication-protocol library for the Python programming language, related to information leakage through timing discrepancies, which allows an attacker to gain access to confidential data