Hi,
There is an issue with authentication password and
privacy password used with SNMP v3 in net-snmp. Please
give your
suggestion.
When a user is added with:
net-snmp-config --create-snmpv3-user -a "12345678" -x
"12345678" -A MD5 user1
All the snmp queries with any number of repeated
patterns of the password are allowed for the
corresponding username. For the above configuration,
snmpwalk works with any of the following
snmpwalk -v 3 -u user1 -l authPriv -a MD5 -A 12345678
-X 12345678 -m all -M . 192.168.1.100 system
snmpwalk -v 3 -u user1 -l authPriv -a MD5 -A
1234567812345678 -X 1234567812345678 -m all -M .
192.168.1.100 system
snmpwalk -v 3 -u user1 -l authPriv -a MD5 -A
123456781234567812345678 -X 123456781234567812345678
-m all -M . 192.168.1.100 system
Isn't this a security issue?
Please give your comment.
Regards,
Saif
___________________________________________________________
Yahoo! Exclusive Xmas Game, help Santa with his celebrity party -
http://santas-christmas-party.yahoo.net/
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
