Time Protocol Threat Could Allow Login with Expired Passwords

Timely warning sheds new light on problems with the ubiquitous Network Time Protocol

Cisco's Talos threat intelligence service has uncovered a flaw in the Network Time Protocol (NTP) authentication process that lets an attacker force the NTP daemon into pairing with a malicious time source. According to Talos, this attack “… leverages a logic error in ntpd's handling of certain crypto-NAK packets. When a vulnerable ntpd receives an NTP symmetric active crypto-NAK packet, it will peer with the sender, bypassing authentication typically required to establish a peer association.”

Although a time protocol does not provide direct access to financial or medical information, an attacker can do considerable damage if allowed to manipulate network time. Some network services will fail if the system time is out of sync, and control over time parameters could allow access through expired passwords or certificates. Attackers could also cover their tracks or manipulate banking transactions by surreptitiously altering timestamps.

Users are advised to upgrade to ntp-4.2.8p4, which fixes this vulnerability. If an upgrade isn't possible at this time, the Talos report describes some tips for firewall rules that could help mitigate the problem.
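For detection work, the following added example (not from Talos or the original article) flags symmetric active crypto-NAK packets from hosts that are not configured peers, the packet type described in the quote above. It assumes the RFC 5905 layout without extension fields, where a crypto-NAK is the 48-byte header followed only by a 4-byte key ID of zero; the function names, addresses, and sample packets are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48        # fixed header size for modes 1-5 (RFC 5905)
MODE_SYMMETRIC_ACTIVE = 1


def is_crypto_nak(payload: bytes) -> bool:
    """True if the payload is a header followed only by a zero 4-byte key ID."""
    if not payload or (payload[0] & 0x7) in (0, 6, 7):
        return False       # empty, reserved, or control/private layout
    trailer = payload[NTP_HEADER_LEN:]
    return len(trailer) == 4 and struct.unpack("!I", trailer)[0] == 0


def unsolicited_peer_naks(packets, configured_peers):
    """Return sources that sent a symmetric active crypto-NAK
    but are not in the set of configured peers."""
    hits = []
    for src, payload in packets:
        mode = payload[0] & 0x7 if payload else None
        if (mode == MODE_SYMMETRIC_ACTIVE and is_crypto_nak(payload)
                and src not in configured_peers):
            hits.append(src)
    return hits


def make_packet(mode: int, trailer: bytes = b"") -> bytes:
    """Build a constructed test payload: LI=0, VN=4, given mode, zeroed body."""
    return bytes([(4 << 3) | mode]) + bytes(NTP_HEADER_LEN - 1) + trailer


# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    ("192.0.2.10", make_packet(3)),                    # plain client query
    ("192.0.2.20", make_packet(1, struct.pack("!I", 7) + bytes(20))),  # key ID 7 + digest
    ("198.51.100.5", make_packet(1, bytes(4))),        # symmetric active crypto-NAK
    ("192.0.2.20", make_packet(1, bytes(4))),          # crypto-NAK from a configured peer
    ("203.0.113.9", make_packet(4, bytes(4))),         # server-mode crypto-NAK
]
PEERS = {"192.0.2.20"}

if __name__ == "__main__":
    print(unsolicited_peer_naks(SAMPLE, PEERS))
```

Packets that carry extension fields before the key ID are not covered by this length check and would need the extension chain walked first.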

10/28/2015
