NTP clock variables information disclosure
|1||(AV:N/AC:L/Au:N/C:N/I:N/A:N)||May 06, 2009||April 01, 2011||March 19, 2014|
This sytem allows the internal NTP variables to be queried. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- Disable NTP readvar queries
Apply a restrict option to all hosts that are not authorized to perform NTP readvar queries. For example, to deny readvar requests from all clients, put the following in the NTP configuration file, typically /etc/ntp.conf, and restart the NTP service:
restrict default mask 0.0.0.0 noquery
Restrict NTP readvar queries
Apply an ACL that restricts NTP readvar queries from unauthorized clients, as described in the 'Configuring NTP Access Restrictions' section of the Cisco IOS documentation.
Alternatively, if NTP is not required, disable it entirely by running the following command: