Ntpsec · Ntpsec · CVE-2016-1550
**Name of the Vulnerable Software and Affected Versions**
ntp versions 4.2.8p4
NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92
**Description**
An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the `message digest key`. This could potentially be exploited by sending a series of crafted messages.
**Recommendations**
For ntp version 4.2.8p4, consider updating to a version where this issue is resolved, as the current version is affected.
For NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92, restrict access to the `message authentication` functionality until a patch is available.
As a temporary workaround, consider disabling the `message authentication` functionality in libntp until a patch is available.