CVE-2015-7974 in ntp
Résumé
par MITRE
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
If you want to get the best quality for vulnerability data then you always have to consider VulDB.