Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - SNMP v3 trouble InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SNMP v3 trouble

Published: 2008-06-10
Last Updated: 2008-06-11 14:56:48 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

SNMP typically isn't the most loved protocol when it comes to security, most of this stems from the older versions.  The current version (SNMPv3) has a way to do authentication using a keyed-Hash Message Authentication Code (HMAC) HMAC.

It seems CERT is coordinating a vulnerability regarding this: "Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte." Which obviously isn't the right thing to do.

Cisco has a security advisory on the topic, as will other vendors without much doubt.

--
Swa Frantzen -- Gorilla Security

Keywords: CERT SNMP
0 comment(s)
Diary Archives