Home » Story links » Param's story links

SNMP Scanning Increase

Link: http://asert.arbornetworks.com/2008/06/snmp-scanning-increas...
Points: 273 views User: Param Comments: 0 Comments Tag:

A multi-vendor SNMPv3 security bug has been found and fixed in Net-SNMP 5.x. It turns out that a lot of vendors suffered the same issues, probably from commonly derived code. Vendors including Juniper, Cisco, and NetApp, among others, have been affected and have made updates available to customers. The bug is in the HMAC digest authentication mechanism that SNMPv3 uses. It reduced the size of the effective authentication digest to 1 byte. So, an attacker can brute force her way across all 256 packets to bypass authentication. Within a couple of days exploit code was available.


Email: Email this Story to a Friend

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.