• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Castle Rock Computing SNMPc v5/v6 Unauthorized Remote Privileged Access Vulnerability

A vulnerability in the authentication mechanism used by SNMPc has been discovered, potentially allowing for unauthorized remote access. The problem lies in the design of the mechanism, specifically the fact that all authentication routines are carried out within the client program. As such, an attacker may be capable of influencing the results of authentication by modifying a client program or reversing the encrypted password transmitted by the server.

The exploitation of this issue could ultimately allow for an attacker to gain unauthorized remote console access as the Administrator user, who by default has Supervisor privileges on affected servers.

This vulnerability affects SNMPc v5 and version v6.