Intrusion Prevention

Network.Time.Protocol.Daemon.Crypto.NAK.Authentication.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass Vulnerability NTP Daemon
The vulnerability is due to an improper validation when vulnerable application parsing a crafted request. A remote attacker could exploit this to bypass authentication mechanism of the target application, via a crafted request.

Affected Products

ntp.org NTP prior to 4.2.8p4

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems

Recommended Actions

Apply the most recent upgrade or patch from the vendor
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner

CVE References

CVE-2015-7871