Forgot your password?
typodupeerror
Security Networking

Embedded Devices Leak Authentication Data Via SNMP 58

Posted by Soulskill
from the duct-tape-won't-fix-this-leak dept.
msm1267 writes: "Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary-market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text. The data could be extracted by gaining access to the read-only public SNMP community string, which enables outside access to device information. While only vulnerabilities in three brands were disclosed today, a Shodan search turns up potentially hundreds of thousands of devices that are exposing SNMP to the Internet that could be equally vulnerable."
This discussion has been archived. No new comments can be posted.

Embedded Devices Leak Authentication Data Via SNMP

Comments Filter:
  • Re:SNMP is Boss (Score:4, Interesting)

    by myowntrueself (607117) on Friday May 16, 2014 @05:53PM (#47021687)

    Also SNMPv3 is very poorly supported by many monitoring tools.

    I sometimes wonder if SNMPv3 is *deliberately* made awkward and easy to misconfigure, somewhat like IPSEC...

  • by myowntrueself (607117) on Friday May 16, 2014 @05:58PM (#47021743)

    When I was in a certain 3rd world country, which shall remain nameless, I found that a router at the National Datacenter had snmp public exposed to the world. It was interesting to find that it had ports named for all the ISPs in the country and a mirror port carrying lots of data, the volume of which corresponded to the sum of all the ISP's ports... and all these ISPs routes went through that National Datacenter.

You can bring any calculator you like to the midterm, as long as it doesn't dim the lights when you turn it on. -- Hepler, Systems Design 182

Working...