[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
Marc Deslauriers
marc.deslauriers at canonical.com
Sun Sep 2 16:51:56 UTC 2012
NTP authentication only works if the MITM doesn't know the
authentication key. Even if we enable authentication on ntp.ubuntu.com,
you can still MITM the ntp update since presumably everybody would be
using the same authentication key.
The only way to fix this is to configure your own ntp server and use it
with a key that only you know.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1039420
Title:
NTP security vulnerability because not using authentication by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions
More information about the Ubuntu-server-bugs
mailing list