Tenable Research Release Highlight

Modern Cryptography Support for SNMP

Summary

Tenable products have the ability to scan SNMP ports for software detection and the identification of certain vulnerabilities. Early versions of SNMP did not have robust access control and authentication, but starting in SNMPv3 customers have been able to use both encryption and authentication to connect to SNMP services. All SNMP plugins now support SHA2 algorithms for authentication and the AES algorithm with key sizes of 192 and 256 bits for privacy. These additional SHA2 algorithms will be selectable in the SNMPv3 settings under the Credentials tab for Scan Policy configurations. 

Change

Additional options will soon be available in Scan Policy configuration drop down lists for SHA-224, SHA-256, SHA-384 and SHA-512 authentication algorithms and AES192, AES256 privacy algorithms will be available for SNMPv3 credentials. Due to differences in how vendors implement privacy with extended keys, alternative AES192C and AES256C algorithms will also be available for interfacing with Cisco devices.

Impact

Current configurations will not change. The new additional security modes can be used if desired to match scan targets configurations deployed in a user’s environment. 

Target Release Date

08 NOV 2023