Hi Coders, With Netsnmp v5.8 upgraded to my project (which was already working with v5.7.3), I am finding one problem which is as described below.
An user is created in agent (which is netsnmp v5.8) Username: 'user1' Hash algo: 'SHA224' Password: 'password123' Priv algo: 'AES192' Password: 'passwordABC' When I polled from manager(iReasoning MIB Browser) for SNMP get request with below credentials for user Username: 'user1' Hash algo: 'SHA224' Password: 'password123' Priv algo: 'AES192' Password: ' ' (a whitespace) The get request was successful though the privacy protocol password is a white space which means agent responded with a valid get response. Observation on Wireshark: There was a get response packet in un-encrypted format(plain text). Observation on Manager(iReasoning MIB browser): The get response was successful. This looks like a security flaw since a user is configured with authPriv protocol and with wrong privacy password, the response comes as a plain text. Please correct me if my observation is wrong anyway. If not, can anyone please comment on this? Thanks in advance. Regards, Madhu
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
