DX NetOps

  • 1.  SNMP V3 encryption

    Posted Oct 18, 2016 12:04 AM

    Hi,

     

    Recently our security team has identified that the SNMP V3 username from Spectrum is being passed as plain text over the network while polling the discovered devices. Is there any way to encrypt the SNMP credentials sent from Spectrum while polling?

     

    Thanks

     

    Dev



  • 2.  Re: SNMP V3 encryption

    Posted Oct 18, 2016 04:26 AM

    Hi All,

     

     Any clue? Please help.



  • 3.  Re: SNMP V3 encryption
    Best Answer

    Posted Oct 18, 2016 08:14 AM

    Hi,

     

    Why would you expect a username to travel in an encrypted fashion over the wire? If you were to look over RFC 3414 you shouldn't see any reference to usernames being encrypted on outgoing packets. Have you been told otherwise?

     

    Moreover, assume a device has several SNMPv3 credentials configured (each with its own set of permissions). How would the USM on the device know which credentials you're authenticating if it can't derive the principal who originated the request?



  • 4.  Re: SNMP V3 encryption

    Broadcom Employee
    Posted Oct 23, 2016 08:55 PM

    Hi Aswani,

     

    Encrypting the username is not part of the SNMP v3 protocol standard, hence Spectrum does not do this.

     

    And as Doron points out, it would be difficult to implement as the device would not know the user credentials against which to authenticate the message.
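
An added illustration of the point made in the answers above (not part of the original thread and not Spectrum code): a minimal BER reader that pulls `msgUserName` out of the USM security parameters of an authPriv message without any key, while the scoped PDU stays an opaque encrypted blob. The helper names (`enc`, `tlv`, `children`, `usm_summary`) and the sample packet are assumptions made up for this example.

```python
# Added example: reads the cleartext USM fields of an SNMPv3 message.
# Layout per RFC 3412 (SNMPv3Message) and RFC 3414 (UsmSecurityParameters).

def enc(tag, value):
    """Encode one short-form BER TLV (enough for the constructed sample)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def usm_summary(packet):
    """Return what any receiver can read before it has selected a key."""
    tag, body, _ = tlv(packet)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    version, header, secparams, msgdata = children(body)
    if int.from_bytes(version[1], "big") != 3:
        raise ValueError("not SNMPv3")
    flags = children(header[1])[2][1][0]          # msgFlags: 0x01 auth, 0x02 priv
    usm = children(children(secparams[1])[0][1])  # OCTET STRING wrapping a SEQUENCE
    return {"user": usm[3][1].decode("ascii"),    # msgUserName, always cleartext
            "auth": bool(flags & 0x01), "priv": bool(flags & 0x02),
            "pdu_encrypted": msgdata[0] == 0x04}  # OCTET STRING = encryptedPDU

# Constructed authPriv sample; user name, engine ID and ciphertext are made up.
_usm = enc(0x30, enc(0x04, bytes.fromhex("8000000001020304")) + enc(0x02, b"\x01")
           + enc(0x02, b"\x2a") + enc(0x04, b"nms-poller")
           + enc(0x04, bytes(12)) + enc(0x04, bytes(8)))
SAMPLE = enc(0x30, enc(0x02, b"\x03")
             + enc(0x30, enc(0x02, b"\x01") + enc(0x02, b"\x05\xdc")
                   + enc(0x04, b"\x07") + enc(0x02, b"\x03"))
             + enc(0x04, _usm) + enc(0x04, bytes(range(16))))
```

Calling `usm_summary(SAMPLE)` shows the user name readable alongside `priv` and `pdu_encrypted` both true, which is the behaviour a packet capture of authPriv polling will show.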