SNMP typically isn't the most loved protocol when it comes to security; most of this stems from the older versions. The current version (SNMPv3) has a way to do authentication using a keyed-Hash Message Authentication Code (HMAC). It seems CERT is coordinating a vulnerability regarding this: "Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte." That obviously isn't the right thing to do. Cisco has a security advisory on the topic, and other vendors will follow without much doubt.

--
Swa, Jun 11th 2008
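The shortened-authenticator problem quoted above, as an added example (not code from the diary, CERT, or any vendor): a verifier that lets the received field length decide how many bytes are compared, next to one that insists on the full 12-octet HMAC-96 value, plus a regression check a maintainer can run against either. The function names, key and message are constructed for illustration, and the message handling is simplified to a byte string whose authenticator field is already zeroed.

```python
import hashlib
import hmac

AUTH_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 authenticator length (RFC 3414)


def expected_mac(auth_key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-1 over the message, truncated to the first 12 octets."""
    return hmac.new(auth_key, message, hashlib.sha1).digest()[:AUTH_LEN]


def verify_flawed(auth_key: bytes, message: bytes, received: bytes) -> bool:
    """Flawed pattern: the sender-supplied length decides how much is compared."""
    mac = expected_mac(auth_key, message)
    return len(received) >= 1 and mac[:len(received)] == received


def verify_strict(auth_key: bytes, message: bytes, received: bytes) -> bool:
    """Corrected pattern: fixed length first, then a constant-time compare."""
    if len(received) != AUTH_LEN:
        return False
    return hmac.compare_digest(expected_mac(auth_key, message), received)


def accepted_truncations(verify, auth_key: bytes, message: bytes) -> list:
    """Regression check: lengths 1..11 at which a shortened MAC still passes."""
    mac = expected_mac(auth_key, message)
    return [n for n in range(1, AUTH_LEN) if verify(auth_key, message, mac[:n])]


# Constructed sample values (hypothetical key and message, not real traffic).
KEY = b"constructed-localized-auth-key"
MSG = b"constructed SNMPv3 message with authenticator field zeroed"

if __name__ == "__main__":
    for name, fn in (("flawed", verify_flawed), ("strict", verify_strict)):
        lengths = accepted_truncations(fn, KEY, MSG)
        print(f"{name}: accepts shortened authenticators of length {lengths}")
```

With a 1-byte authenticator accepted, the check only has to match one of 256 values instead of one of 2^96, which is why the length test has to come before the comparison.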