Toll Free US: +1 888 720 9500
Intl: +1 925 924 9500

Store | Reseller

Enterprise Management & Security Products		OEM's and Developers
Active Directory Management Application Monitoring Asset Management Customer SupportDesk Desktop Management EventLog Analyzer FacilitiesDesk Firewall Analyzer Free Active Directory Tools Free Windows Tools HelpDesk Hosted Website Monitoring Service	MSP Platform Network Configuration Management Network Monitoring Network Security Scanner Patch Management Password Management Self-Service Password Management Storage Management Software Switch Port & IP Address Management Traffic Analysis & Network Forensics VoIP Monitoring WiFi Manager	Web NMS SNMP Agent Toolkit C Edition SNMP Agent Toolkit Java Edition SNMP API SNMP API .NET Edition SNMP Micro Agent for MySQL SNMP Adaptor for JMX Simulation Toolkit CLI API
Testing & Performance	Database Tools & Search
QEngine SNMP Utilities Agent Tester	SwisSQL DBChangeManager SQLOne Database Search Engine SwisSQL Database Migration Products Stored Procedure Migration Tools

Home > Download

AdventNet products are free from the CERT Vulnerability issue (VU#878044)

The US-CERT (United States Computer Emergency Readiness Team) has described an SNMPv3 Authentication vulnerability in their Vulnerability Note VU#878044.

In the description, they have given the following;

"SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte."

With regard to our AdventNet SNMP products, namely

AdventNet SNMP API Java Edition
AdventNet SNMP Agent Toolkit Java Edition
AdventNet SNMP Agent Toolkit C Edition
AdventNet Simulation Toolkit
AdventNet SNMP Utilities
AdventNet Agent Tester
AdventNet SNMP Adaptor for JMX
AdventNet Web NMS

We would like to state that the products DO NOT have the above mentioned authentication vulnerability at all, because the products have already checked for the correct length of the HMAC code. A packet with a shortened HMAC code in the authenticator field, is altogether dropped and appropriate error is notified. So, this vulnerability issue (VU#878044) is not present in any of our AdventNet products. Hence there is no specific action to be taken by the users of AdventNet products, with regard to this vulnerability issue.

Please feel free to contact us for any clarification.

References:

oCERT Advisory http://www.ocert.org/advisories/ocert-2008-006.html
US-CERT -- Vulnerability Note VU#878044 -- SNMPv3 improper HMAC validation allows authentication bypass http://www.kb.cert.org/vuls/id/878044
US-CERT -- SNMPv3 Authentication Bypass vulnerability -- http://www.us-cert.gov/cas/techalerts/TA08-162A.html

Downloads

Forums |

Press |

Events

View All Forums

	AdventNet, Inc. All rights reserved. Trademarks \| Privacy Policy \| Site Map \| Contact Us \| Careers \| Tell Us