The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
References
Configurations
History
No history.
Information
Published : 2015-04-08 10:59
Updated : 2024-02-28 12:20
NVD link : CVE-2015-1798
Mitre link : CVE-2015-1798
CVE.ORG link : CVE-2015-1798
JSON object : View
Products Affected
ntp
- ntp
CWE
CWE-17
DEPRECATED: Code