Lucene search
Veracode Vulnerability DatabaseVERACODE:30861HistoryJun 07, 2021 - 6:35 a.m.
Information Disclosure
2021-06-0706:35:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
44.9%
websockets is vulnerable to information disclosure. The vulnerability exists due to an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory, allowing an attacker to guess a password via timing attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| websockets | le | 9.0.2 | |
| websockets | le | 9.0.2 |
Related
osv
osv
Observable Timing Discrepancy in aaugustin websockets library
2021-06-11 17:43:14
PYSEC-2021-95
2021-06-06 15:15:00
CVE-2021-33880
2021-06-06 15:15:07
ubuntucve
ubuntucve
CVE-2021-33880
2021-06-06 00:00:00
github
github
Observable Timing Discrepancy in aaugustin websockets library
2021-06-11 17:43:14
cvelist
cvelist
CVE-2021-33880
2021-06-06 14:05:45
nvd
nvd
CVE-2021-33880
2021-06-06 15:15:07
debiancve
debiancve
CVE-2021-33880
2021-06-06 15:15:07
prion
prion
Authentication flaw
2021-06-06 15:15:00
archlinux
archlinux
[ASA-202106-26] python-websockets: private key recovery
2021-06-09 00:00:00
cve
cve
CVE-2021-33880
2021-06-06 15:15:07
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00