• 主页
  • 产品
    • WebNMS开发平台
    • Simulation Toolkit
    • Java SNMP API
    • Java SNMP Agent
    • SNMP Utilities
    • C SNMP Agent
    • CLI API
    • .NET SNMP API
    • TL1 API
    • MySQL Agent
    • Agent Tester
    • SNMP Adaptor for JMX
  • 解决方案
    • EMS解决方案
    • NMS解决方案
    • 云设施管理
    • 军事应用
    • MPLS监控
    • 基站监控
    • 应用监控
    • 日志监控
    • 中介解决方案
  • 支持与文档
  • 演示与下载
    • 请求演示
    • 下载产品
  • 关于我们
  • 联系我们
Home > Downloads

WebNMS FrameWork CLI API 2.0

WebNMS products are free from the CERT Vulnerability issue (VU#878044)

The US-CERT (United States Computer Emergency Readiness Team) has described an SNMPv3 Authentication vulnerability in their .

In the description, they have given the following;

北京pk10开奖直播"SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and privacy control among other features. Authentication for SNMPv3 is done using keyed-Hash Message Authentication Code (HMAC), a message authentication code calculated using a cryptographic hash function in combination with a secret key. Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte."

With regard to our WebNMS SNMP products, namely

  • WebNMS SNMP API Java Edition
  • WebNMS SNMP Agent Toolkit Java Edition
  • WebNMS SNMP Agent Toolkit C Edition
  • WebNMS Simulation Toolkit
  • WebNMS SNMP Utilities
  • WebNMS Agent Tester
  • WebNMS SNMP Adaptor for JMX
  • WebNMS Management Framework

北京pk10开奖直播We would like to state that the products DO NOT have the above mentioned authentication vulnerability at all, because the products have already checked for the correct length of the HMAC code. A packet with a shortened HMAC code in the authenticator field, is altogether dropped and appropriate error is notified. So, this vulnerability issue () is not present in any of our ZOHO Corporation products. Hence there is no specific action to be taken by the users of WebNMS products, with regard to this vulnerability issue.

Please feel free to contact us for any clarification.

References:

  1. oCERT Advisory
  2. US-CERT -- Vulnerability Note VU#878044 -- SNMPv3 improper HMAC validation allows authentication bypass
  3. US-CERT -- SNMPv3 Authentication Bypass vulnerability --
   



快捷链接
  • 下载产品
  • 请求演示
  • 最新版本
  • 服务包
  • 开发教程
  • 白皮书


开发者论坛
卓豪公司 版权所有 京ICP备09105052号

  • <tr id='6k9x1'><strong id='6k9x1'></strong><small id='6k9x1'></small><button id='6k9x1'></button><li id='6k9x1'><noscript id='6k9x1'><big id='6k9x1'></big><dt id='6k9x1'></dt></noscript></li></tr><ol id='6k9x1'><option id='6k9x1'><table id='6k9x1'><blockquote id='6k9x1'><tbody id='6k9x1'></tbody></blockquote></table></option></ol><u id='6k9x1'></u><kbd id='6k9x1'><kbd id='6k9x1'></kbd></kbd>

      <code id='6k9x1'><strong id='6k9x1'></strong></code>

      <fieldset id='6k9x1'></fieldset>
            <span id='6k9x1'></span>

                <ins id='6k9x1'></ins>
                    <acronym id='6k9x1'><em id='6k9x1'></em><td id='6k9x1'><div id='6k9x1'></div></td></acronym><address id='6k9x1'><big id='6k9x1'><big id='6k9x1'></big><legend id='6k9x1'></legend></big></address>

                      <i id='6k9x1'><div id='6k9x1'><ins id='6k9x1'></ins></div></i>
                      <i id='6k9x1'></i>
                        • <dl id='6k9x1'></dl>