NTP BUG 2879: Improve NTP security against buffer comparison timing attacks
Last update: February 15, 2022 20:59 UTC (43fbd379b)
Packet authentication tests have been performed using
memcmp() or possibly
bcmp(), and it is potentially possible for a local or perhaps LAN-based attacker to send a packet with an authentication payload and indirectly observe how much of the digest has matched.
This weakness was discovered independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.