Bugtraq mailing list archives
Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
From: Simon Richter <Simon.Richter () hogyros de>
Date: Fri, 9 Jan 2009 21:56:10 +0100
Hi, On Fri, Jan 09, 2009 at 03:25:44PM -0500, Steve Shockley wrote:
SNMP communities are a safety, not a security measure. I know of very few SNMP implementations that have protections against brute force or dictionary attacks.
srsly? Passwords don't have much in the way of brute-force or dictionary attack protection, but I wouldn't put my password in my out-of-office message.
Most password authentication systems have a rate limit which is pretty effective against dictionary attacks -- however SNMP implementations don't do the same for community strings. My point is that community strings are not passwords in the strictest sense, and people should stop treating them as such. Simon
Current thread:
- Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point mad-vaittes (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Steve Shockley (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Steve Shockley (Jan 09)
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point Simon Richter (Jan 09)