CVE-2016-1550
ntp: libntp message digest disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
Existe una vulnerabilidad explotable en el mensaje de autenticación de la función del libntp en ntp 4.2.8p4 y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. Un atacante puede enviar series de mensajes manipulados para intentar el mensaje de dirección de clave.
A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-07 CVE Reserved
- 2016-05-02 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (36)
URL | Date | SRC |
---|
URL | Date | SRC |
---|