Thursday, May 4, 2017

StringBleed SNMP Authentication Bypass

Security researchers disclosed an authentication bypass vulnerability in the Simple Network Management Protocol (SNMP). The vulnerability, tracked as CVE-2017-5135 and dubbed StringBleed, exposes several Internet-connected devices. The flaw affects two of the three methods used to authenticate client requests on remote SNMP devices.

The flaw lies in the way the human-readable string value called the “community string” is handled in SNMP versions 1 and 2, while SNMP version 3 has the option to use a user, password and authentication methods. When authenticating, SNMP version 1 and version 2 should accept only the value stored in the SNMP agent's authentication mechanism. But researchers identified that on some devices authentication against the SNMP agent succeeded even when tested with any string or integer value. Attackers could exploit this Incorrect Access Control issue to execute code on the vulnerable devices and gain full read/write remote permissions using any string/integer value.
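A passive check for the symptom described above, as an added example that is not part of the original post: it parses SNMPv1/v2c messages and flags agents that replied to a request carrying a community string outside the configured set. The function names, addresses and community values are assumptions, and the packets are constructed samples.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(msg):
    """Return (version, community, pdu_tag, request_id); version 0 = v1, 1 = v2c."""
    tag, body, _ = read_tlv(msg, 0)
    vtag, ver, p = read_tlv(body, 0)
    ctag, community, p = read_tlv(body, p)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ver not in (b"\x00", b"\x01"):
        raise ValueError("not a community-based SNMP message")
    pdu_tag, pdu, _ = read_tlv(body, p)
    return ver[0], community, pdu_tag, read_tlv(pdu, 0)[1]

def find_unexpected_auth(packets, configured):
    """Flag (agent, community) where a reply followed a non-configured community."""
    pending, hits = {}, []
    for src, dst, raw in packets:
        try:
            _, community, pdu_tag, rid = parse_snmp(raw)
        except (ValueError, IndexError):
            continue  # SNMPv3, malformed, or not SNMP
        if pdu_tag == 0xA2:  # Response PDU: pair it with the pending request
            sent = pending.pop((dst, src, rid), None)
            if sent is not None and sent not in configured:
                hits.append((src, sent))
        else:
            pending[(src, dst, rid)] = community
    return hits

def tlv(tag, val):  # builder for the constructed samples, short lengths only
    return bytes([tag, len(val)]) + val
def build(version, community, pdu_tag, rid):
    pdu = tlv(0x02, bytes([rid])) + tlv(0x02, b"\x00") * 2 + tlv(0x30, b"")
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + tlv(pdu_tag, pdu))

MGR, AGENT_A, AGENT_B = "198.51.100.7", "192.0.2.10", "192.0.2.20"
SAMPLE = [  # constructed packets, not a real capture
    (MGR, AGENT_A, build(1, b"netops-ro", 0xA0, 1)),
    (AGENT_A, MGR, build(1, b"netops-ro", 0xA2, 1)),
    (MGR, AGENT_A, build(0, b"not-configured", 0xA0, 2)),
    (AGENT_A, MGR, build(0, b"not-configured", 0xA2, 2)),  # agent answered anyway
    (MGR, AGENT_B, build(1, b"not-configured", 0xA0, 3))]  # no reply: rejected
```

Pass every community string legitimately configured on the monitored agents in `configured`; any pair the function returns is a device worth checking against the vendor's fix for this issue.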

Post made by
newWorld
