Openntpd
Monthly
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.