CVE-2014-9293 (retired)

Priority
Description
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key
is not configured, improperly generates a key, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via a
brute-force attack.
Notes
 mdeslaur> upstream commit in 4.2.7p11 removes automatic key generation
 mdeslaur> completely. Red Hat fixed the issue in a different way.
Assigned-to
mdeslaur
More Information

Updated: 2019-03-26 12:13:50 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)