Security News > 2021 > April > Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise
A vulnerability residing in the "Domain Time II" network time solution can be exploited in Man-on-the-Side attacks, cyber-security firm GRIMM warned on Tuesday.
Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks.
Domain Time II consists of client and server programs, and both use the same executable to check for updates, namely dttray.
With Domain Time II server installed on a domain controller within an Active Directory forest and the update component running from such a machine, an attacker able to perform a MotS attack could essentially have malware executed with administrative privileges on the server.
"Since the Domain Time II server can track and update versions of the client software across the network, compromising the server could lead to attackers being able to spread laterally across a network to workstations, database servers, or source code repositories," GRIMM notes.
Greyware was informed of the vulnerability on March 30, 2021, and a patch was released the very next day, as Domain Time II version 5.2.b.20210331.