Brocade Fabric OS
cpe:2.3:o:broadcom:brocade_fabric_operating_system:*:*:*:*:*:*:*
- < 9.2.0
A vulnerability exists in Brocade Fabric OS versions prior to 9.2.0, where SNMP passwords can be exposed in plaintext if password encryption is not enabled. The unencrypted passwords may be revealed in a configupload or supportsave capture. An attacker could use these passwords to retrieve values of supported OIDs through SNMPv3 queries, and there are also a limited number of MIB objects that can be modified.
SNMP passwords are exposed in clear text, allowing unauthorized access to SNMPv3 functionality and potential modification of certain MIB objects.
To address this vulnerability, SNMP password encryption should be enabled using the 'snmpconfig --set snmpv3 -enable passwd_encryption' command. After enabling encryption, it is recommended to change the SNMP authpassword and privpassword, as these secrets could have been previously exposed. Brocade switches with Fabric OS 9.2.0 and later have SNMP password encryption enabled by default, but those with earlier versions do not. For switches running versions prior to 9.2.0, a factory reset will not enable encryption, so it must be enabled manually.