websockets is vulnerable to information disclosure. The vulnerability exists due to an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory
, allowing an attacker to guess a password via timing attack.
CPE | Name | Operator | Version |
---|---|---|---|
websockets | le | 9.0.2 | |
websockets | le | 9.0.2 |