CVE-2021-33880

Source
Severity Medium
Remote Yes
Type Private key recovery
Description
The aaugustin websockets library before 9.1 for Python has an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
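The timing discrepancy described above comes from comparing the supplied password with an ordinary equality test. The following is an added example, not code from the websockets project; the credential store and all function names are hypothetical, and it shows a naive check beside a constant-time one for HTTP Basic Authentication.

```python
import base64
import binascii
import hmac

# Constructed sample credentials, for this example only.
CREDENTIALS = {"alice": "correct horse battery staple"}


def basic_header(username, password):
    """Build an Authorization header value (helper for trying the example)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Return (username, password) from an Authorization value, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def check_naive(username, password):
    # "==" can stop at the first differing character, so the time taken
    # depends on how much of the guess is correct.
    expected = CREDENTIALS.get(username)
    return expected is not None and password == expected


def check_constant_time(username, password):
    # hmac.compare_digest does not depend on where the inputs differ
    # (a length difference may still be observable). Unknown users are
    # compared against a dummy value so the same code path always runs.
    expected = CREDENTIALS.get(username)
    known = expected is not None
    reference = expected if known else ""
    ok = hmac.compare_digest(password.encode("utf-8"), reference.encode("utf-8"))
    return known and ok


def authenticate(header):
    parsed = parse_basic(header)
    return parsed is not None and check_constant_time(*parsed)
```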
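| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2040 | python-websockets | 9.0.1-3 | 9.1-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 09 Jun 2021 | ASA-202106-26 | AVG-2040 | python-websockets | Medium | private key recovery |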
References
https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0