Re: SNMP v3 user authentication password with pattern problem

[Bernd Eilers]

HelloTadas Ivanovas,

Yes there is a pattern repetition involved here - but it is not a 
problem - you just have to think carefully what you choose.


This just works exactly as it was designed in the SNMP Specifications, 
you can find the details about that here:


https://tools.ietf.org/html/rfc3414#appendix-A.2.1

Kind regards
Bernd Eilers




On 7/13/20 2:58 PM, Tadas Ivanovas wrote:
Hello, I'm using net-snmp 5.8 with version 3 support. I've noticed 
that agents can authenticate messages with passwords by pattern only. 
What I mean is, for example, if I create the user with password 
"" (12 a's), that agent authenticates with password 
"" (8 a's). I've tried it with Linux OS (OpenWRT and Ubuntu).


Here is how I create a sample SNMP server: /usr/sbin/snmpd -Lo -f -d 
-q -Cc /snmpd.conf --noPersistentSave=1 --noPersistentLoad=1

My "snmpd.conf" file looks like this:

agentaddress udp:161
sysLocation location
sysContact em...@example.com
sysName name
exec  filedescriptors /bin/cat /proc/sys/fs/file-nr
createUser agurkas MD5 "abcabcabcabcabcabcabcabcabcabcabcabc"
rouser agurkas auth
dlmod chilli /usr/lib/snmpd-mod/chilli.so
dlmod device /usr/lib/snmpd-mod/device.so
dlmod gps /usr/lib/snmpd-mod/gps.so
dlmod gsm /usr/lib/snmpd-mod/gsm.so
dlmod traps /usr/lib/snmpd-mod/traps.so

And authentication is succesful if I try "snmpwalk" command from other 
endpoint:


snmpwalk -d -v3 -l authNoPriv -u agurkas -a MD5 -A abcabcabc 
192.168.1.1 1.3.6.1.4.1.48690.1.2


This time the pattern is "abc", and it does not matter how many times 
you repeat "abc", as long as it meets minimum password length. Did not 
find any information online about this problem, maybe some 
configurations are wrong?




--
Signature

Mit freundlichen Grüßen | with kind regards

i.A. Bernd Eilers

Fr. Meyer's Sohn (GmbH & Co.) KG
Grüner Deich 19
20097 Hamburg | Germany

Tel.: +49 40 2393 1468
Fax: +49 40 2393 2468
E-Mail: bernd.eil...@fms-logistics.com 


Internet: www.fms-logistics.com 


Wir arbeiten ausschließlich auf Grundlage der Allgemeinen Deutschen 
Spediteurbedingungen 2017 (ADSp 2017). Die ADSp 2017 beschränken in 
Ziffer 23 die gesetzliche Haftung für Güterschäden, die nach der 
gesetzlichen Regelung in § 431 HGB auf 8,33 SZR/kg beschränkt ist, 
weiter auf 1,25 Mio. € je Schadenfall bzw. 2,5 Mio. € je Schadenereignis 
oder auf 2 SZR/kg, je nachdem, welcher Betrag höher ist. Bei 
multimodalen Transporten unter Einschluss einer Seebeförderung ist die 
Haftungsgrenze generell 2 SZR/kg. Die ADSp sind auf unserer Website 
(https://www.fms-logistics.com/agb) abrufbar und werden auf Verlangen 
übersandt. Wir haben die Speditionshaftungsversicherung bei W. Droege & 
Co. GmbH. & Co. KG gezeichnet.
Unter https://www.fms-logistics.com/datenschutz können Sie unsere 
Informationen zum Datenschutz einsehen.


Our services are governed exclusively by the Allgemeine Deutsche 
Spediteurbedingungen 2017 (ADSp 2017) (German Freight Forwarders' 
General Terms and Conditions 2017). As stated in clause 23 of the ADSp 
2017, the statutory liability, which is limited in Section 431 of the 
German Commercial Code (HGB) to 8,33 Special Drawing Rights per kilogram 
(SDR/kg), is further limited to a maximum of € 1,25 million per claim or 
to € 2,5 million per event or to 2 SDR/kg, whichever sum is higher. In 
the case of a multimodal transport which includes sea carriage the 
maximum liability is in general 2 SDR/kg. The ADSp are available on our 
website (https://www.fms-logistics.com/en/general-terms-and-conditions) 
and can be obtained from the company on request. Our forwarder liability 
insurance is covered at W. Droege & Co. GmbH. & Co. KG.
Under https://www.fms-logistics.com/en/privacy-statement you can find 
more information about our data privacy principles.


Gerichtsstand/place of jurisdiction: Hamburg. Handelsregister/commercial 
register: Hamburg HRA 41917. Rechtsform/legal form: 
Kommanditgesellschaft/Limited Partnership. Persönlich haftende 
Gesellschafter/general partner: Speditionsgesellschaft Fr. Meyer's Sohn 
mbH. Handelsregister/commercial register: Hamburg HRB 17990. 
Geschäftsführer/managing directors: Dominik Lucius, Heiko Voigt



___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

SNMP v3 user authentication password with pattern problem

[Tadas Ivanovas]

Hello, I'm using net-snmp 5.8 with version 3 support. I've noticed that 
agents can authenticate messages with passwords by pattern only. What I 
mean is, for example, if I create the user with password "" 
(12 a's), that agent authenticates with password "" (8 a's). 
I've tried it with Linux OS (OpenWRT and Ubuntu).


Here is how I create a sample SNMP server: /usr/sbin/snmpd -Lo -f -d -q 
-Cc /snmpd.conf --noPersistentSave=1 --noPersistentLoad=1

My "snmpd.conf" file looks like this:

agentaddress udp:161
sysLocation location
sysContact em...@example.com
sysName name
exec  filedescriptors /bin/cat /proc/sys/fs/file-nr
createUser agurkas MD5 "abcabcabcabcabcabcabcabcabcabcabcabc"
rouser agurkas auth
dlmod chilli /usr/lib/snmpd-mod/chilli.so
dlmod device /usr/lib/snmpd-mod/device.so
dlmod gps /usr/lib/snmpd-mod/gps.so
dlmod gsm /usr/lib/snmpd-mod/gsm.so
dlmod traps /usr/lib/snmpd-mod/traps.so

And authentication is succesful if I try "snmpwalk" command from other 
endpoint:


snmpwalk -d -v3 -l authNoPriv -u agurkas -a MD5 -A abcabcabc 192.168.1.1 
1.3.6.1.4.1.48690.1.2


This time the pattern is "abc", and it does not matter how many times 
you repeat "abc", as long as it meets minimum password length. Did not 
find any information online about this problem, maybe some 
configurations are wrong?


--
Pagarbiai,
Linux programuotojas,
Tadas Ivanovas,
+37062691623



___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users