NTPsec 1.2.0

CPE Details

NTPsec 1.2.0
ntpsec
ntpsec
1.2.0
2021-06-15
13h26 +00:00
2021-07-26
14h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ntpsec:ntpsec:1.2.0:*:*:*:*:*:*:*

Informations

Vendor

ntpsec

Product

ntpsec

Version

1.2.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-22212 2021-06-08 10h07 +00:00 ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.
7.4
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.