I discovered and reported this exploit in py-bcrypt 0.2 while building a server using bcrypt. It works by targeting a race condition in thread synchronization. py-bcrypt was vulnerable between July 2010 and March 2013.
The included demo exploit models a vulnerable server, a user, and an attacker.
The announcement of the upstream fix (released as py-bcrypt 0.3) is here: https://code.google.com/p/py-bcrypt/source/detail?r=3bc365ff43736d26ff37e9f2a4084f37b381b569
I previously blogged about it here: https://blog.spideroak.com/20130318170436-security-vulnerability-in-py-bcrypt-02