cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNMP V3 Communication ( Security- HMAC )

Anon
Community Manager
Community Manager
‎06-26-2017 05:27 PM
‎06-26-2017 05:27 PM

SNMP V3 Communication ( Security- HMAC )

Hi all,

My Security Team has pointed out a point regarding SNMP v3 communication.
There could be a security problem. It could be possible to bypass the authentication function.
SNMPv3 use Hash Message Authentication Code (HMAC), described in RFC3414 and this use HMAC-MD5-96 or HMAC-SHA-96.

The Problem could be that a System send out a one Byte HMAC to authenticate successful.

https://www.rapid7.com/db/vulnerabilities/snmp-snmpv3-hmac-auth-spoofing.

Is this security issue with prognosis? Or how was this problem resolved?

Many Thanks

Carsten
0 Likes
Reply
2 REPLIES 2
Anon
Community Manager
Community Manager
‎06-26-2017 05:45 PM
‎06-26-2017 05:45 PM

Re: SNMP V3 Communication ( Security- HMAC )

HI Carsten,

thanks for letting us know about your concern as security is most important. I can't confirm this but will help to get colleagues from the product team to look at this.
0 Likes
Reply
GeraldC
Hero
Hero
‎06-28-2017 11:22 AM
‎06-28-2017 11:22 AM

Re: SNMP V3 Communication ( Security- HMAC )

Hi Carsten, Our product team confirm that Prognosis 11.1 and later should not have this vulnerability. Let us know if any further queries about it. HTH
0 Likes
Reply

IR Forums

 General Collaborate Transact & Infrastructure COVID-19 Updates IR Connect