Filtered by vendor Ntpsec
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4012 | 1 Ntpsec | 1 Ntpsec | 2023-08-15 | N/A | 7.5 HIGH |
| ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). | |||||
| CVE-2021-22212 | 2 Fedoraproject, Ntpsec | 2 Fedora, Ntpsec | 2022-06-04 | 5.8 MEDIUM | 7.4 HIGH |
| ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. | |||||