Openntpd : Security Vulnerabilities, CVEs,
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.
Max CVSS
5.9
EPSS Score
0.17%
Published
2017-01-31
Updated
2017-02-24
1 vulnerabilities found