Dear All ,
Our SNMP products SNMP API & SNMP Utilities are free from CERT SNMP-V3 Authentication Vulnerability issue VU#878044
The US-CERT (United States Computer Emergency Readiness Team) has described an SNMPv3 Authentication vulnerability in their Vulnerability Note
VU#878044Here is the description,
"SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte."
We would like to state that our products DO NOT have the above mentioned authentication vulnerability at all, because the products already check for the correct length of the HMAC code. A packet with a shortened HMAC code in the authenticator field, is altogether dropped and appropriate error is notified. So, this vulnerability issue (VU#878044) is not present in our AdventNet products. Hence there is no specific action to be taken by the users of AdventNet products, with regard to this vulnerability issue
The same was also mentioned in our website which can be found in the below link,
http://www.adventnet.com/products/cert_snmp_authentication_vulnerability_notes.htmlContact us at
snmp-support@adventnet.com for any further clarification
Thanks & Best Regards,
SNMP-Team
Loading User Profile...