Thanks a lot Dave for the information. One more issue:
an snmp v3 walk with an incorrect privacy password returns a
timeout error.
Let us say I configure a privacy password as "priv_pass"
and do an snmpwalk with an incorrect privacy password as
below:

Command: "snmpwalk -v 3 -u user12 -l authPriv -a md5 -A auth_pass -X priv_passp -m all -M . 192.168.1.100 system"
Output: "Timeout: No Response from 192.168.1.100"

But as per RFC 3414 section 3.2, it has to return a
valid error message based on the error found in the
query, right?
Please give your comment.
Regards,
Saif
--- Dave Shield <[EMAIL PROTECTED]> wrote:
> On Wed, 2005-12-21 at 11:18 +0000, saifulla Mohd Abdul wrote:
> > There is an issue with authentication password and
> > privacy password used with SNMP v3 in net-snmp.
>
> This isn't specific to Net-SNMP.
> It's inherent in the way pass phrases are mapped to
> authentication and encryption keys.
>
>
> > Isn't this a security issue?
>
> Yes. It's even explicitly documented as such in
> RFC 3414. See the end of the second paragraph of
> section 11.2
>
>
> > Please give your suggestion.
>
> Don't use pass phrases with repeated patterns :-)
>
> Dave
>
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
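
Added example, not part of the original thread and not Net-SNMP's own code: the RFC 3414 Appendix A.2.1 pass-phrase-to-key mapping (MD5 variant) that the quoted reply refers to, with a helper that flags pass phrases built from a repeated pattern. The function names and the sample pass phrase "secret12secret12" are constructed for illustration.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2.1 hashes exactly this many bytes


def password_to_key_md5(passphrase: bytes) -> bytes:
    """User key Ku: MD5 over the pass phrase repeated to fill 1 MiB."""
    if not passphrase:
        raise ValueError("pass phrase must not be empty")
    reps = MEGABYTE // len(passphrase) + 1
    return hashlib.md5((passphrase * reps)[:MEGABYTE]).digest()


def localize_md5(ku: bytes, engine_id: bytes) -> bytes:
    """Localized key Kul = MD5(Ku || snmpEngineID || Ku)."""
    return hashlib.md5(ku + engine_id + ku).digest()


def primitive_root(passphrase: bytes) -> bytes:
    """Shortest prefix whose repetition equals the pass phrase.

    Every whole-number repetition of that prefix expands to the same
    1 MiB stream and therefore to the same key.
    """
    n = len(passphrase)
    for p in range(1, n + 1):
        if n % p == 0 and passphrase[:p] * (n // p) == passphrase:
            return passphrase[:p]
    return passphrase


def audit(passphrase: bytes) -> str:
    """Report whether a pass phrase collapses to a shorter equivalent."""
    root = primitive_root(passphrase)
    if root != passphrase:
        return f"WEAK: equivalent to the {len(root)}-byte phrase {root!r}"
    return "ok: no repeated pattern"


if __name__ == "__main__":
    # Constructed sample pass phrases, plus the two from the message above
    for phrase in (b"secret12secret12", b"priv_pass", b"priv_passp"):
        print(phrase, password_to_key_md5(phrase).hex(), audit(phrase))
```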