snmp-formula

Security issue when adding a snmpv3 user with the formula

Open Gerwie opened this issue 6 years ago • 1 comments

When adding an SNMPv3 user according to the formula:

rwusers:
- username: '<user>'
  authpassphrase: '<authpassphrase>'
  view: all
  authproto: 'SHA'
  privproto: 'AES'
  privpassphrase: '<privpassphrase>'

The formula adds two lines to the snmpd.conf file:

rwuser <user> auth -V all
createUser <user> SHA <authpassphrase> AES <privpassphrase>

The last line is what causes the security issue. When adding an SNMPv3 user by using net-snmp-create-v3-user, the first line is added to the snmpd.conf file located in /etc/snmp/snmpd. The second line is added to another snmpd.conf file located in /var/lib/net-snmp/. When the line is read from the snmpd.conf file located in /var/lib/net-snmp/, the line is removed (eliminating the storage of the master password for that user) and replaced with the key that is derived from it. Source: man page snmpd.conf

In the current situation, the formula adds the createUser line in the snmpd.conf file located in /etc/snmp/. Therefore the line will not be removed and the passwords are visible to anyone that can access that snmpd.conf file.

Gerwie, Aug 28 '18 13:08
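An audit sketch for the condition reported above, added here as an example and not part of the issue or of the formula's code: it finds `createUser` directives in the text of the main snmpd.conf and separates them from the lines that can stay there, so they can be placed in the persistent file under /var/lib/net-snmp/ instead. The sample configuration, user name and passphrases are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample of a main snmpd.conf like the one the issue describes;
# the user name and passphrases are made-up placeholders.
SAMPLE_MAIN_CONF = """\
# managed by configuration management
rocommunity public 127.0.0.1
rwuser monitor auth -V all
createUser monitor SHA "example-auth-pass" AES "example-priv-pass"
"""


def create_user_name(line):
    """Return the user name if line is an active createUser directive, else None."""
    try:
        tokens = shlex.split(line, comments=True)  # drops '#' comments outside quotes
    except ValueError:
        tokens = line.split()  # unbalanced quote in a passphrase: plain split
    if not tokens or tokens[0].lower() != "createuser":
        return None
    args = tokens[1:]
    if len(args) >= 2 and args[0] == "-e":  # optional "-e ENGINEID" prefix
        args = args[2:]
    return args[0] if args else "<missing>"


def split_config(text):
    """Split config text into (main_lines, persistent_lines, users).

    main_lines       lines that can stay in the main snmpd.conf
    persistent_lines createUser lines that belong in the persistent snmpd.conf
    users            names whose passphrases were readable in the main file
    """
    main, persistent, users = [], [], []
    for line in text.splitlines():
        name = create_user_name(line)
        if name is None:
            main.append(line)
        else:
            persistent.append(line)
            users.append(name)
    return main, persistent, users


if __name__ == "__main__":
    _, _, found = split_config(SAMPLE_MAIN_CONF)
    for user in found:  # report the user only, never echo the passphrases
        print(f"createUser for {user!r} stores plaintext passphrases in the main file")
```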