Hi Robert, I checked Wes's theory and 'YES' it is defaulting to 'auth' when no explicit mandate for encryption is done.
In the vacm_create_simple() function, the code below defaults to 'auth' when the 'priv' token is not explicitly mentioned.

    if (cp && *cp)
        cp = copy_nword(cp, authlevel, sizeof(authlevel));
    else
        strcpy(authlevel, "auth");

Regards,
Madhu

-----Original Message-----
From: NetSNMP Mailbox <net-snmp-m...@freesnmp.com> On Behalf Of Robert Story
Sent: Saturday, January 19, 2019 4:53 AM
To: Madhusudhana R <madhusudhan...@in.abb.com>
Cc: net-snmp-coders@lists.sourceforge.net
Subject: Re: Netsnmpv5.8 possible security flaw

Hi Madhusudhana,

Did you go back and confirm Wes' theory? Did you see an authPriv request which failed, followed by an auth request that succeeded?

Robert

On Wed, 9 Jan 2019 04:19:28 +0000 Madhusudhana wrote:

MR> Thanks Wes.
MR>
MR> -----Original Message-----
MR> From: Wes Hardaker [mailto:harda...@users.sourceforge.net]
MR> Sent: Tuesday, January 08, 2019 10:08 PM
MR>
MR> Madhusudhana R <madhusudhan...@in.abb.com> writes:
MR>
MR> > Can you please let me know whether this feature is added newly in
MR> > v5.8 or it was an existing feature in v5.7.3?
MR> > If it is a new feature in v5.8, is there a way to toggle some
MR> > MACRO value to make sure a user with authpriv protocol will
MR> > always respond in an encrypted way?
MR>
MR> It's not new at all; that behavior has been around since the
MR> creation of the SNMPv3 code within Net-SNMP (which at the time was
MR> called UCD-SNMP, showing how old this concept is). At the time,
MR> encryption wasn't even possible for everyone deploying the code (and
MR> the only encryption supported was DES). The world tended to also
MR> believe that authentication (ensuring packets weren't modified) was
MR> a "must have" but encryption was merely a "would be nice if you
MR> could, but it's not critical".
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
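Added example, not part of the original thread or of the Net-SNMP code: a small audit of snmpd.conf access lines that applies the same defaulting rule as the snippet quoted above, so that users who can still be queried without encryption are listed. It assumes the rouser/rwuser syntax from the snmpd.conf man page ([-s SECMODEL] USER [noauth|auth|priv ...]); the function names and the sample configuration are constructed for illustration.

```python
# Added example: audit snmpd.conf access lines for the implicit 'auth' default.
import shlex

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# SNMPv3 users
createUser opsuser SHA "auth-pass-placeholder" AES "priv-pass-placeholder"
rouser opsuser                      # no level token
rwuser -s usm admin priv            # encryption required
rouser monitor auth .1.3.6.1.2.1.1  # explicit authNoPriv
rouser legacy noauth
"""


def effective_levels(conf_text):
    """Return (lineno, directive, user, level, explicit) per rouser/rwuser line."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens or tokens[0].lower() not in ("rouser", "rwuser"):
            continue
        args = tokens[1:]
        if len(args) >= 2 and args[0] == "-s":  # optional "-s SECMODEL"
            args = args[2:]
        if not args:
            continue  # malformed line: no user name
        explicit = len(args) > 1
        # Same rule as the quoted code: a missing level token becomes "auth".
        level = args[1].lower() if explicit else "auth"
        found.append((lineno, tokens[0].lower(), args[0], level, explicit))
    return found


def allows_unencrypted(conf_text):
    """Entries whose minimum security level does not require privacy."""
    return [e for e in effective_levels(conf_text) if e[3] != "priv"]


if __name__ == "__main__":
    for lineno, directive, user, level, explicit in allows_unencrypted(SAMPLE_CONF):
        how = "explicit" if explicit else "implicit default"
        print(f"line {lineno}: {directive} {user} -> minimum level {level} ({how})")
```

Adding the priv token to each flagged line is what makes the agent require encrypted requests for that user; the privacy key on the createUser line does not change the minimum level by itself.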