Last Modified: Jul 09, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.5.0, 17.5.1
Opened: Mar 31, 2025 Severity: 3-Major
The Network Time Protocol (NTP) server, where symmetric keys were used for cryptographic operations, was truncated to 30 bytes. This limitation restricted the effective length of symmetric keys even when longer keys were provided. As a result, it reduced the expected level of security for configurations utilizing keys longer than 30 bytes. (For example, using SHA256 symmetric keys will fail)
- Truncating symmetric keys to 30 bytes in NTP significantly reduces security by limiting entropy, diminishing compliance with cryptographic standards, and opening systems to a range of attack vectors. - The truncation silently weakens configurations, affecting user trust and operational reliability.
When NTP uses a symmetric key size of 30 bytes or more.
None
None