10. Default SNMP community strings set to "public" and "private"
The Simple Network Management Protocol (SNMP) is widely used by network administrators to monitor all types of network devices. SNMP uses an unencrypted community string for authentication.
Versions Effected: Any device that is SNMP enabled and uses
the default community strings.
CVE Entry: CAN-1999-0517, CAN-1999-0516, CAN-1999-0254, CAN-1999-0186
Details: SNMP provides administrators with a lot of remote power and functionality in managing network devices. Unfortunately, the fact that the community strings are guessable makes SNMP a valuable tool for malicious hackers as well. Sniffing SNMP traffic will reveal a tremendous amount of useful information for a potential intruder.
Recommendations: As with most network services if it is not needed SNMP should be disabled. If SNMP is required following strong password guidelines when setting community names. Be sure that community names are validated using snmpwalk and where possible make MIBs read only.
Additional Information:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid210315
http://www.sans.org/topten.htm