Netopia SNMP Password Disclosure
Medium Nessus Network Monitor Plugin ID 3747
Synopsis
The remote host passes information across the network in an insecure manner.
Description
The remote host appears to be running a Netopia router with SNMP enabled. The Netopia router is using the default SNMP community strings. This version of the Netopia firmware is vulnerable to a flaw where a remote attacker can retrieve the administrative password by sending a specially formed SNMP query. An attacker exploiting this flaw would only need to be able to send SNMP queries to the router using the default community string of 'public'. Successful exploitation would result in the attacker gaining administrative credentials to the router.
Solution
Upgrade or patch according to vendor recommendations. Change the default SNMP community string to one that is not easily guessed.