Vulnerabilities > CVE-2016-5117 - 7PK - Security Features vulnerability in Openntpd 6.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.

Vulnerable Configurations

Part Description Count
Application
Openntpd
1

Common Weakness Enumeration (CWE)