Cisco Uncovers Vulnerabilities in SNMPv3
On June 10, 2008, Security Researchers at Cisco found a couple of security flaws in the third version of the Simple Network Management Protocol (SNMPv3) that on exploitation could allow attackers change the configurations of network equipment and collecting system data.
SNMP is a standardized protocol which is used for monitoring and regulating network devices remotely. This security component could be exploited by sending malware-laced SNMPv3 messages. The flaws in the manner by which implementation of SNMPv3 deals with specially crafted vicious packets might allow bypassing authentication. The two flaws potentially affect both Message-Digest Algorithm-5 (MD5) and Secure Hashing Algorithm-1 (SHA-1).
Furthermore, the researchers revealed that the flaws in systems running SNM...
» SPAMfighter News - 30-06-2008