Fix SNMP v3 implementation for best practices?


I was setting up monitoring for the device using SNMP v3, and was sad to see that your implementation insists on using the same password as the encryption key as well, counter to best practices for SNMP.

As defined in the best practices guide defined here at, section 4.1:

"Each human operator should also have unique pass phrases for authentication and privacy. These pass phrases should be different from those used for server logins. Also, these pass phrases should be different for each authentication and privacy protocol."

While not PSIRT-worthy, you only got half of the intended use correct in your implementation. Auth hash and encryption keys should be different.

You're not the only vendor to get the implementation wrong either, at least (cough, Meraki), but it would be nice to get a proper fix on the road map to allow for separate username, auth hash, and priv encryption keys, as the best practices intend.
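Added example, not part of the original post and not the vendor's code: under the SNMPv3 User-based Security Model (RFC 3414), the auth and priv keys are both derived from their passphrases by the same password-to-key algorithm, so a shared passphrase makes the AES-128 privacy key identical to the first 16 octets of the authentication key. It assumes HMAC-SHA-96 authentication with AES-128 privacy (RFC 3826); the engine ID and passphrases are constructed sample values.

```python
import hashlib

MEGABYTE = 1_048_576  # RFC 3414 A.2.2 hashes exactly this many octets


def password_to_key(passphrase: bytes) -> bytes:
    """Ku: SHA-1 over the passphrase repeated out to 1,048,576 octets."""
    if len(passphrase) < 8:
        raise ValueError("RFC 3414 requires passphrases of at least 8 octets")
    reps, rem = divmod(MEGABYTE, len(passphrase))
    return hashlib.sha1(passphrase * reps + passphrase[:rem]).digest()


def localize(ku: bytes, engine_id: bytes) -> bytes:
    """Kul: bind the user key to one agent's snmpEngineID."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes):
    """Return (authKey, privKey) for HMAC-SHA-96 auth and AES-128 privacy."""
    auth_key = localize(password_to_key(auth_pass), engine_id)
    # RFC 3826: the AES-128 key is the first 16 octets of the localized key,
    # produced with the same hash function as the authentication protocol.
    priv_key = localize(password_to_key(priv_pass), engine_id)[:16]
    return auth_key, priv_key


def priv_key_follows_from_auth_key(auth_key: bytes, priv_key: bytes) -> bool:
    """True when knowing the auth key also gives away the privacy key."""
    return auth_key[:16] == priv_key


if __name__ == "__main__":
    engine = bytes.fromhex("000000000000000000000002")  # constructed sample
    shared = usm_keys(b"one-shared-phrase", b"one-shared-phrase", engine)
    split = usm_keys(b"auth-only-phrase", b"priv-only-phrase", engine)
    print("shared passphrase:", priv_key_follows_from_auth_key(*shared))
    print("separate passphrases:", priv_key_follows_from_auth_key(*split))
```

On net-snmp-style agents the separate-passphrase case corresponds to giving the user distinct authentication and privacy passphrases rather than letting the second default to the first.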
