NTP BUG 3043: Autokey association reset
Last update: February 15, 2022 20:59 UTC (43fbd379b)
An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a
CRYPTO_NAK or a bad MAC and cause the association’s peer variables to be cleared. If this can be done often enough, it will prevent that association from working.
This weakness was discovered by Miroslav Lichvar of Red Hat.