Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point

To: mad-vaittes@xxxxxxxxxxxxxxxx
Subject: Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
From: Simon Richter <Simon.Richter@xxxxxxxxxx>
Date: Fri, 9 Jan 2009 17:52:08 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200901090856.n098uQQE015089@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200901090856.n098uQQE015089@xxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17)

Hi,

> WG102 offers the the typical SNMP write & SNMP read community password 
> 'protection'.

SNMP communities are a safety, not a security measure. I know of very few
SNMP implementations that have protections against brute force or
dictionary attacks.

> Proposed fixes:
>  do not enable SNMP at all. vendor fix required.

This AP can use VLAN tagging to separate management traffic from user data,
which is generally a good idea in any environment.

   Simon

Follow-Ups:
- Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
  - From: Steve Shockley

References:
- Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
  - From: mad-vaittes

Prev by Date: Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
Next by Date: Java Runtime UTF-8 Decoder Smuggling Vector
Previous by thread: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
Next by thread: Re: Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point
Index(es):
- Date
- Thread