Unverified Peer Associations in Chrony Authentication: Skeleton Key Vulnerability
CVE-2016-1567 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Learn more about our Web Application Penetration Testing UK.