The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
References
Configurations
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. |
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. | |
References |
|
Information
Published : 2015-04-08 10:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-1798
Mitre link : CVE-2015-1798
CVE.ORG link : CVE-2015-1798
JSON object : View
Products Affected
ntp
- ntp
CWE
CWE-17
DEPRECATED: Code