Embedded Devices Leak Authentication Data Via SNMP

Posted by Soulskill
from the duct-tape-won't-fix-this-leak dept.
msm1267 writes: "Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary-market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text. The data could be extracted by gaining access to the read-only public SNMP community string, which enables outside access to device information. While only vulnerabilities in three brands were disclosed today, a Shodan search turns up potentially hundreds of thousands of devices that are exposing SNMP to the Internet that could be equally vulnerable."
  • Re:SNMP is Boss (Score:4, Interesting)

    by myowntrueself (607117) on Friday May 16, 2014 @05:53PM (#47021687)

    Also SNMPv3 is very poorly supported by many monitoring tools.

    I sometimes wonder if SNMPv3 is *deliberately* made awkward and easy to misconfigure, somewhat like IPSEC...

  • by myowntrueself (607117) on Friday May 16, 2014 @05:58PM (#47021743)

    When I was in a certain 3rd world country, which shall remain nameless, I found that a router at the National Datacenter had snmp public exposed to the world. It was interesting to find that it had ports named for all the ISPs in the country and a mirror port carrying lots of data, the volume of which corresponded to the sum of all the ISPs' ports... and all these ISPs' routes went through that National Datacenter.
