The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language arises from information leaks due to temporal discrepancies. This allows attackers to gain access to confidential data.

The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language is related to an error that occurs when basic authentication using basicauthprotocolfactorycredentials=... is enabled. Exploiting this vulnerability can allow a remote attacker to gain access...

[ASA-202106-26] python-websockets: private key recovery

Arch Linux Security Advisory ASA-202106-26 ========================================== Severity: Medium Date : 2021-06-09 CVE-ID : CVE-2021-33880 Package : python-websockets Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-2040 Summary ======= The package...

CVE-2021-33880

The CVE-2021-33880 issue affects the aaugustin websockets library for Python, before version 9.1. It describes an Observable Timing Discrepancy when HTTP Basic Authentication is enabled (basic_auth_protocol_factory(credentials=...)), allowing an attacker to guess passwords via a timing attack. A ...

aaugustin websockets denial of service vulnerability

aaugustin websockets is a library for building WebSocket servers and clients in Python. A security vulnerability exists in aaugustin websockets version 4. An attacker can exploit this vulnerability to cause a denial of service memory exhaustion...

CVE-2018-1000518

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

Design/Logic Flaw

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

PYSEC-2018-79

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

CVE-2018-1000518

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

CVE-2018-1000518

CVE-2018-1000518 concerns a vulnerability in the Python websockets library (aaugustin websockets) where version 4 allows a Denial of Service via memory exhaustion. The issue arises from improper handling of highly compressed data (Data Amplification, CWE-409) when compression is enabled (i.e., no...

PT-2018-9415 · Aaugustin +1 · Uwebsockets +1

Name of the Vulnerable Software and Affected Versions: aaugustin websockets versions 4.0 through 4.0 Description: The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted...