The config_auth function in ntpd in NTP prior to 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ntp ntp |