The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=…). An attacker may be able to guess a password via a timing attack.

CPE

Name | Operator | Version |
---|---|---|
websockets | eq | 8.0.2 |
websockets | eq | 4.0.1 |
websockets | eq | 3.3 |
websockets | eq | 3.2 |
websockets | eq | 4.0 |
websockets | eq | 2.2 |
websockets | eq | 2.3 |
websockets | eq | 6.0 |
websockets | eq | 3.1 |
websockets | eq | 8.0.1 |
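
The class of flaw described above, shown as an added example that is not the websockets project's code: a Basic Authentication check using an ordinary equality test beside one using a constant-time comparison. The function names, the `CREDENTIALS` store and its values are hypothetical and constructed for illustration.

```python
import base64
import hmac

# Constructed sample credential store (hypothetical values).
CREDENTIALS = {"alice": "correct horse battery staple"}

def make_header(username, password):
    """Build an Authorization header value for the given credentials."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def check_weak(header):
    """Weak form: == is not guaranteed constant-time, so the time taken
    can depend on how much of the supplied password matches."""
    parsed = parse_basic(header)
    if parsed is None:
        return False
    username, password = parsed
    return CREDENTIALS.get(username) == password

def check_hardened(header):
    """Hardened form: constant-time comparison, done for unknown users too."""
    parsed = parse_basic(header)
    if parsed is None:
        return False
    username, password = parsed
    expected = CREDENTIALS.get(username)
    known = expected is not None
    # Unknown users are compared against a dummy value so that both paths
    # perform a comparison; the result is discarded via `known`.
    reference = expected if known else ""
    # compare_digest does not short-circuit on the first differing byte
    # (the length of the inputs may still be observable).
    match = hmac.compare_digest(password.encode("utf-8"), reference.encode("utf-8"))
    return known and match
```
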