CVE-2014-9293 (retired)

Priority
Description
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key
is not configured, improperly generates a key, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via a
brute-force attack.
Assigned-to
mdeslaur
Notes
mdeslaurupstream commit in 4.2.7p11 removes automatic key generation
completely. Red Hat fixed the issue in a different way.
More Information

Updated: 2019-10-09 07:51:28 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)