CVE-2021-33880 - log back

CVE-2021-33880 edited at 09 Jun 2021 08:53:14
Description
- The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
+ The aaugustin websockets library before 9.1 for Python has an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
CVE-2021-33880 edited at 06 Jun 2021 16:41:43
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Private key recovery
Description
+ The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
References
+ https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
Notes
CVE-2021-33880 created at 06 Jun 2021 16:40:43