MEDIUM
Openntpd
CVE published 2017-01-31
CVE-2016-5117
CVE-2016-5117 affects OpenNTPD before 6.0p1. The issue is a missing validation check for the CN on HTTPS constraint requests, which can let a remote attacker bypass intended man-in-the-middle protections by supplying a crafted timestamp constraint that uses a valid certificate. This is an integrity-impacting flaw rather than a code-execution issue.