๐ CVE-2021-33880
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: web.nvd.nist.gov
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. ...