Is the NET+OS's SNTP implementation vulnerable to CVE-2014-9293?

Problem: A vulnerability was discovered in certain SNTP implementations, specifically according to the following web site:,
"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via brute-force attack.

Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL in its sending and receiving of packets. Thus the NET+OS development environment is not vulnerable to CVE-2014-9293.

Customer actions: No customer action is required.

"Vulnerability Summary for CVE-2014-9293". NIST, National Vulnerability Database.
Last updated: Jun 21, 2019

Recently Viewed

No recently viewed articles

Did you find this article helpful?