SNMP Default public/private String Information Disclosure

1998-11-17T00:00:00
ID OSVDB:209
Type osvdb
Reporter OSVDB
Modified 1998-11-17T00:00:00

Description

Vulnerability Description

SNMP implementations of multiple vendors contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to default SNMP community names like 'public' or 'private', which will disclose sensitive information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable or remove the SNMP Service if it is not required or take steps to secure the SNMP community names.

Short Description

SNMP implementations of multiple vendors contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to default SNMP community names like 'public' or 'private', which will disclose sensitive information resulting in a loss of confidentiality.

References:

Snort Signature ID: 1411 Snort Signature ID: 1413 Snort Signature ID: 1414 Snort Signature ID: 1412 Other Advisory URL: http://cert.uni-stuttgart.de/archive/bugtraq/1998/11/msg00249.html Nessus Plugin ID:10264 Microsoft Knowledge Base Article: 99880 ISS X-Force ID: 1240 CVE-1999-0517 Bugtraq ID: 2112