Vulnerabilities > CVE-2021-33880 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

websockets-project

oracle

CWE-203

NVD

Published: 2021-06-06

Updated: 2022-05-12

Summary

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Vulnerable Configurations

Part	Description	Count
Application	Websockets_Project Websockets Project Websockets - Websockets Project Websockets 1.0 Websockets Project Websockets 2.0 Websockets Project Websockets 2.1 Websockets Project Websockets 2.2 Websockets Project Websockets 2.3 Websockets Project Websockets 2.4 Websockets Project Websockets 2.5 Websockets Project Websockets 2.6 Websockets Project Websockets 2.7 Websockets Project Websockets 3.0 Websockets Project Websockets 3.1 Websockets Project Websockets 3.2 Websockets Project Websockets 3.3 Websockets Project Websockets 3.4 Websockets Project Websockets 4.0 Websockets Project Websockets 4.0.1 Websockets Project Websockets 5.0 Websockets Project Websockets 5.0.1 Websockets Project Websockets 6.0 Websockets Project Websockets 7.0 Websockets Project Websockets 8.0 Websockets Project Websockets 8.0.1 Websockets Project Websockets 8.0.2 Websockets Project Websockets 8.1 Websockets Project Websockets 9.0 Websockets Project Websockets 9.0.1 Websockets Project Websockets 9.0.2	28
Application	Oracle Oracle Communications Cloud Native Core Policy 1.14.0 Oracle Communications Cloud Native Core Unified Data Repository 1.14.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0	4

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References