The aaugustin websockets library prior to 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Vulnerable Product |
---|
websockets project websockets |
oracle communications cloud native core policy 1.14.0 |
oracle communications cloud native core unified data repository 1.14.0 |
oracle communications cloud native core service communication proxy 1.14.0 |
oracle communications cloud native core security edge protection proxy 1.5.0 |