---

CVE-2021-33880 - log back

CVE-2021-33880 edited at 09 Jun 2021 08:53:14

Description

- The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. + The aaugustin websockets library before 9.1 for Python has an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

CVE-2021-33880 edited at 06 Jun 2021 16:41:43
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Private key recovery
Description	+ The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
References	+ https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
Notes

CVE-2021-33880 created at 06 Jun 2021 16:40:43