Parsing Vulnerability in NTPsec Affects Key Generation
CVE-2021-22212
4MEDIUM
What is CVE-2021-22212?
In NTPsec version 1.2.0, flaws in the key generation process via ntpkeygen can lead to keys containing '#' characters, which are incorrectly parsed by the ntpd service. This may result in the keys being truncated or padded, leading to potential usability issues for administrators. Furthermore, when AES128 keys are generated, a warning is issued which implies a shortening of the keys, thereby making them more susceptible to brute-force attacks. This vulnerability can thus pose a risk of man-in-the-middle attacks between NTP clients and servers, compromising network security.
Affected Version(s)
ntpsec =1.2.0
