Improper TSIG Validity Period Check in Knot DNS Allows Authentication Bypass

Improper TSIG Validity Period Check in Knot DNS Allows Authentication Bypass

CVE-2017-11104 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.

Learn more about our Web Application Penetration Testing UK.