Security Advisory

CVE-2016-5117

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-01-31 19:00:00

Last updated 2024-08-06 00:53:47

Assigner mitre

State PUBLISHED

Description

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.

← Browse all CVEs View on cve.org ↗