NTP authentication only works if the MITM doesn't know the authentication key. Even if we enable authentication on ntp.ubuntu.com, you can still MITM the ntp update since presumably everybody would be using the same authentication key.
The only way to fix this is to configure your own ntp server and use it with a key that only you know. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs