Is the NET+OS's SNTP implementation vulnerable to CVE-2014-9293?

Problem: A vulnerability was discovered in certain SNTP implementations, specifically according to the following web site:,
"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via brute-force attack.

Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL in its sending and receiving of packets. Thus the NET+OS development environment is not vulnerable to CVE-2014-9293.

Customer actions: No customer action is required.

"Vulnerability Summary for CVE-2014-9293". NIST, National Vulnerability Database.
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us