Unverified Peer Associations in Chrony Authentication: Skeleton Key Vulnerability

Unverified Peer Associations in Chrony Authentication: Skeleton Key Vulnerability

CVE-2016-1567 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Learn more about our Web Application Penetration Testing UK.