CVE-2016-5117

Severity CVSS v4.0:
Pending analysis
Type:
CWE-254 Security Features
Publication date:
31/01/2017
Last modified:
20/04/2025

Description

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openntpd:openntpd:*:*:*:*:*:*:*:* 6.0 (including)