Support / Knowledge Base / Is the NET+OS's SNTP implementation vulnerable to CVE-2014-9293?

Is the NET+OS's SNTP implementation vulnerable to CVE-2014-9293?

Problem: A vulnerability was discovered in certain SNTP implementations, specifically according to the following web site:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293,
"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via brute-force attack.

Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL in its sending and receiving of packets. Thus the NET+OS development environment is not vulnerable to CVE-2014-9293.

Customer actions: No customer action is required.

Citations:
"Vulnerability Summary for CVE-2014-9293". NIST, National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293
 
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us