The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

10.  Default SNMP community strings set to "public" and "private"

The Simple Network Management Protocol (SNMP) is widely used by network administrators to monitor all types of network devices.  SNMP uses an unencrypted community string for authentication.

Versions Effected:  Any device that is SNMP enabled and uses the default community strings.

CVE Entry:  CAN-1999-0517, CAN-1999-0516, CAN-1999-0254, CAN-1999-0186

Details:  SNMP provides administrators with a lot of remote power and functionality in managing network devices.  Unfortunately, the fact that the community strings are guessable makes SNMP a valuable tool for malicious hackers as well.  Sniffing SNMP traffic will reveal a tremendous amount of useful information for a potential intruder.

Recommendations: As with most network services if it is not needed SNMP should be disabled.  If SNMP is required following strong password guidelines when setting community names.  Be sure that community names are validated using snmpwalk and where possible make MIBs read only.

Additional Information:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid210315

http://www.sans.org/topten.htm

 



Contact: info@razor.bindview.com | | Bindview Home