B509: snmp_weak_cryptography

bandit.plugins.snmp_security_check.snmp_crypto_check(context)

B509: Checking for weak cryptography
This test checks for the use of insecure SNMP cryptography:
- v3 using noAuthNoPriv.

Using the pysnmp documentation:
- http://snmplabs.com/pysnmp/examples/hlapi/asyncore/sync/manager/cmdgen/snmp-versions.html
Please update your code to use more secure versions of SNMP. For example:

Instead of:
    CommunityData('public', mpModel=0)

Use (defaults to usmHMACMD5AuthProtocol and usmDESPrivProtocol):
    UsmUserData("securityName", "authName", "privName")
New in version 1.7.2.
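
The check described above, sketched with the standard-library ast module as an added example; it is not Bandit's plugin code. The function names and the sample source are constructed for illustration, calls are matched by the bare name UsmUserData, and the example goes beyond the page by also labelling authNoPriv and authPriv calls.

```python
import ast

# Constructed sample source to scan; it is parsed, never executed.
SAMPLE = '''
from pysnmp.hlapi import UsmUserData
a = UsmUserData("monitor")
b = UsmUserData("monitor", "auth-passphrase")
c = UsmUserData("monitor", "auth-passphrase", "priv-passphrase")
d = UsmUserData("monitor", privKey="priv-passphrase", authKey="auth-passphrase")
e = UsmUserData(userName="monitor", authKey=None)
'''

def _supplied(call, position, keyword):
    """True if the argument is passed (by position or keyword) and is not a literal None."""
    node = call.args[position] if len(call.args) > position else None
    for kw in call.keywords:
        if kw.arg == keyword:
            node = kw.value
    return node is not None and not (isinstance(node, ast.Constant) and node.value is None)

def usm_security_levels(source):
    """Return sorted (line, level) pairs for every UsmUserData(...) call in source."""
    results = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Assumption: match on the bare callable name, not the fully qualified import path.
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "UsmUserData":
            continue
        has_auth = _supplied(node, 1, "authKey")  # authKey/privKey are pysnmp's parameter names
        has_priv = _supplied(node, 2, "privKey")
        if has_auth and has_priv:
            level = "authPriv"
        elif has_auth:
            level = "authNoPriv"
        else:
            level = "noAuthNoPriv"  # also covers privKey without authKey, not a valid USM level
        results.append((node.lineno, level))
    return sorted(results)

def weak_calls(source):
    """Lines where SNMPv3 is configured as noAuthNoPriv, the case this test describes."""
    return [line for line, level in usm_security_levels(source) if level == "noAuthNoPriv"]

if __name__ == "__main__":
    for line, level in usm_security_levels(SAMPLE):
        print(f"line {line}: {level}")
```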