CVE-2021-33880 log

Severity Medium
Remote Yes
Type Private key recovery
The aaugustin websockets library before 9.1 for Python has an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Group Package Affected Fixed Severity Status Ticket
AVG-2040 python-websockets 9.0.1-3 9.1-1 Medium Fixed
Date Advisory Group Package Severity Type
09 Jun 2021 ASA-202106-26 AVG-2040 python-websockets Medium private key recovery