ID CVE-2021-33880
Summary The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
References
Vulnerable Configurations
  • cpe:2.3:a:websockets_project:websockets:-:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:1.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.3:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.4:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.5:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.6:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:2.7:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:3.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:3.2:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:3.3:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:3.4:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:4.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:4.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:5.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:5.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:6.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:7.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:8.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:8.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:8.0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:8.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:9.0:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:9.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:websockets_project:websockets:9.0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 12-05-2022 - 14:07)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
Last major update 12-05-2022 - 14:07
Published 06-06-2021 - 15:15
Last modified 12-05-2022 - 14:07