SNMPv3 Password Question

[thavinci]

Wondering if someone can assist me here.

I have cacti running with thold/monitor.

Now all my hosts are using snmp v1 and v2 so there is no need for usernames/passwords for snmp.
Now out of pure co-incidance i went through the cacti db and found the following....


In table poller_item there is a field called snmp_password
Also table host field snmp_password.
(Have not verified any others yet.)

In that field in clear text for all too see is the admin password to some of my boxes!!!!!!!!!!!!! Where the @#$ is this comming from?

I did NOT fill in any snmp password fields in my current hosts as they dont require it, where is this being populated from?


HELLLLPPP

[meralias]

The last time that I saw that, it was because I was using a browser with auto-completion of forms and I had accidentally saved a password in the default SNMP settings.

[rony]

Passwords for snmp communities are clear text in the database, how else would you suggest we store them? Encrypt them, yah, ok, then decrypt would be available in the source code.

Also, I changed your subject.

[TheWitness]

These passwords are for snmpv3 and are stored this way. However, only an #@%^ would make that password anything other than Read Only. Do you know what you are doing here?

TheWitness

[cigamit]

Let me guess, you use Firefox 3? And you saved your password to login to Cacti? It auto-fills in the "hidden" SNMP v3 password field, I believe Larry patched around this in v0.8.7d.

[thavinci]

Lol, looks like half the people misunderstood the situation.....


I don't really care how the snmp v3 passwords are stored in the db.
As ive mentioned i don't even use snmp v3 ANYWHERE on my entire network only v1 and 2...

However somehow these feilds are being populated and worse yet with the same pass as some of my boxes admin password...


After some research i did see the issue that Firefox autocomplete is doing this however assumed it can't be as patch was included in Version 0.8.7d.

Am i mistaken? I am currently running Version 0.8.7d of cacti and assumed it cannot be from this.....

And yes i am using Firefox 3.0.8....

Input?

cigamit: Thanks For Directing Post in Right Direction..

[TheWitness]

I see. Then, goto Console->Settings->General and change the default snmpv3 password in the two fields attached.

Those values were likely incorrectly filled in by someone with the admin users password. The values you provide there, will be stored in the database. Please confirm that this corrects your situation.

Otherwise, this might be FF3.x messing with the form in which case we have another problem.

TheWitness

[cigamit]

Yes, I see the original line of code that Gandalf put in which I thought had taken care of this.

-bug: host save failed in FireFox 3 for non-SNMP V3 hosts, complaining about "password mismatch"
http://svn.cacti.net/viewvc/cacti/branc ... threv=4621

This stopped the "mismatched' password error, but now Cacti just blinding takes what Firefox fills in the SNMP v3 field and sticks it in the database (even though it is hidden because you are using v2, and even though the 2nd matching password field is blank).

Instead, we should be checking to see if you are using v3, and if not, don't include the password field in the save array (or even blank them out to help remove the old passwords from the database.)

[cigamit]

Attached is a patch which will resolve the issue going forward for you. Ideally, I would think we would apply this at the API level, but this works too.

Run this SQL command to remove all current usernames / passwords from the host table.

Code: Select all

UPDATE host SET snmp_username = "", snmp_password = "" WHERE snmp_version <> 3

And then do a rebuild of your Poller Cache.

[thavinci]

Thank You!

This led too the solution for me!