More on the community names being in the drop down box in the web interface:
Under Configure | Credentials, you will find a list of snmp and Windows credentials. Note that you can name each of these according to a generic format, such as "Credential01," "Credential01," etc. Thus the user would only be using the name of the credential, and not the actual password or community name itself. Mark Singh Technical Support Team Manager Ipswitch, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Singh Sent: Thursday, December 15, 2005 9:23 AM To: [email protected] Subject: RE: [WhatsUp Forum] WUP 2006 Security problem with MAC Address search Holger, thank you for raising this concern. I am discussing it with our product management group. Also thank you for posting your workaround. Mark Singh Technical Support Team Manager Ipswitch, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Beck, Holger Sent: Thursday, December 15, 2005 4:03 AM To: [email protected] Subject: [WhatsUp Forum] WUP 2006 Security problem with MAC Address search Hello, after upgrading to WUP 2006 I noticed a problem with WUPs tools to locate a MAC address which for me is a critical security issue: WUP offers to all users (even a guest account) a drop dwon list with all SNMP credential configured in WUP. I don't, that it should be common practice to reveal passwords in web interfaces to the public. I would prefer a simple input box instead of this drop down list. And I need an option to restrict access to the tools to special users in WUP. As a quick and dirty workaround I just manipulated NetworkToolsManager.asp and removed this drop down list (without any replacement - so this feature can't work anymore). Regards Holger Beck e-Mail: [EMAIL PROTECTED] http://www.gwdg.de/~hbeck Phone: +49 551 201 1554 ________________________________________________________________GWDG Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH Goettingen Am Fassberg Postfach 2841 Phone: +49 551 2 01 15 10 D-37077 Goettingen D-37018 Goettingen Fax: +49 551 2 01 21 50 Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
