[SNMP4J] Potential Bug / Fix with authentication and encryption passwords (empty passwords)
Jochen Katz
katz at agentpp.com
Tue Apr 2 21:08:36 CEST 2013
Hi,
>>
>> The scenario is a user is setup with agent as V3 with authentication and /
>> or encryption.
>>
>> However, if empty passwords as supplied by client, the GET succeeds
>> whereas it should fail. True for authentication or encryption passwords.
SNMPv3 does not enforce that a message of a user that supports
authentication / encryption must use authentication /encryption. So it
is ok to accept a noAuthNoPriv message of a user that was created with
authentication / encryption protocols.
If you want to enforce encryption / authentication for a user, you can
do this through configuration of the VACM.
Regards,
Jochen
More information about the SNMP4J
mailing list