Initial release: June 13, 2008
Simple Network Management Protocol (SNMP) is a set of standards used in network and systems management. It is deployed in many networks including Indiana University's.
SNMP version 3 (three) utilizes an authentication method that relies on key-hashed message authentication code (HMAC). Contrary to the SNMPv3 specification many implementations of this system allow the client to impose the use of a very short and easily guessable hash value.
Attackers successfully exploiting this vulnerability have access to the SNMP Management Information Base equivalent to that of the user account they spoof. A successful attacker may gain control of the exploited system.
The ITSO is not aware of exploitation of this vulnerability on the Indiana University network at this time. Exploit code for this vulnerability is publicly available.
The ITSO recommends that users follow vendor instructions to patch or upgrade all affected products as soon as possible. If no patch or upgrade is available, follow the workarounds listed below and continue to look for a patch from your vendor.
System administrators may activate and require DES or AES support for all SNMPv3 users making successful exploitation of this vulnerability more difficult.
System administrators may reduce the attack surface of their SNMPv3 enabled devices with appropriate firewall settings limiting UDP access on ports 161 and 162 to only those IP addresses that require it.
Also activate and monitor SNMPv3 authentication notifications. Failed authentication attempts may indicate an attack is underway.