← Back

CVE-2021-33880

nvd nist
Published: Jun 6, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Affected (5)

Websockets Project
1 product
Websockets
Oracle
4 products
Communications Cloud Native Core Policy
Communications Cloud Native Core Security Edge Protection Proxy
Communications Cloud Native Core Service Communication Proxy
Communications Cloud Native Core Unified Data Repository
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Websockets
Before 9.1
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Communications Cloud Native Core Policy
Version 1.14.0
Communications Cloud Native Core Security Edge Protection Proxy
Version 1.5.0
Communications Cloud Native Core Service Communication Proxy
Version 1.14.0
Communications Cloud Native Core Unified Data Repository
Version 1.14.0

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (6)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.