The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
References
Configurations
Information
Published : 2015-04-08 03:59
Updated : 2023-02-12 15:15
NVD link : CVE-2015-1798
Mitre link : CVE-2015-1798
JSON object : View
CWE
CWE-17
DEPRECATED: Code
Products Affected
ntp
- ntp