I am sure that some one in the next 132 emails that I have not read already answered this one, but that is the price you pay for SNMP. Don't use critical passwords with SNMP. They are in clear text. The XO radios coming out in another month or so will support SNMPv3 which uses encrypted passwords as well as many other handy management tools that are more secure.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Sims Sent: Thursday, September 11, 2003 12:23 AM To: [EMAIL PROTECTED] Subject: [smartBridges] simpleMonitor Passwords are Clear Text I was running tcpdump (this tool monitors a network interface and displays ip packets to the screen or places them in a file) on our network this evening to work on a problem. I happened to start the simpleMonitor for aBO to validate a setting for one of our clients. To my surprise, the simpleMonitor Administrator password flashed across the tcpdump window as I logged in. I switched to the Link Status tab of the simpleMonitor and the Administrator password was displayed on the tcpdump screen each time the signal strength and link quality values were updated in the simpleMonitor. This happens about once every two seconds so the password got Lots of exposure. We need to be able to access the settings of our client boxes using the wireless interface for a number of reasons (simpleMonitor, simpleNMS, ...). I'm concerned about how easy it would be for someone to crack a smartBridges network and change the settings on the AP and Client boxes. Our network is currently running with WEP Disabled until a planned network outage early next week. I hope the Admin passwords will not be in clear text after WEP is turned on. Please be aware of this password exposure if you are not running with WEP enabled. Greg ----------ANNOUNCEMENT---------- Don't forget to register for WISPCON IV http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org ----------ANNOUNCEMENT---------- Don't forget to register for WISPCON IV http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
