virus logo FortiClient Vulnerability

NetworkTimeFoundation NTP CVE-2015-7974 Authentication Bypass Vulnerability

description-logoDescription

Symmetric key encryption uses a shared trusted key. The reported title for this issue was "Missing key check allows impersonation between authenticated peers" and the report claimed "A key specified only for one server should only work to authenticate that server, other trusted keys should be refused." Except there has never been any correlation between this trusted key and server v. clients machines and there has never been any way to specify a key only for one server. We have treated this as an enhancement request, and ntp-4.2.8p6 includes other checks and tests to strengthen clients against attacks coming from broadcast servers.

affected-products-logoAffected Applications

NTP

CVE References

CVE-2015-7974

Other References

http://support.ntp.org/bin/view/Main/NtpNtpBug2936
ID 38932
Created Jan 17, 2020
Description
Updated		 Dec 21, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor NetworkTimeFoundation
Patch manual
Application NTP