Bug ID 423061: Creating an SNMP v3 user using the Configuration utility or tmsh adds passwords in plain text to the snmpd.conf file

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.6.0

Opened: Jun 11, 2013
Severity: 2-Critical
Related AskF5 Article:
K14743

Symptoms

Creating or modifying SNMP v3 users using the GUI or tmsh adds passwords in plain text to the /config/net-snmp/snmpd.conf file.

Impact

SNMP v3 user passwords are visible to those with root read access on the BIG-IP system until you run bigstart restart to restart the snmp process.

Conditions

You have created or modified an SNMP v3 user using the GUI or with the command 'tmsh modify sys snmp users ...'

Workaround

Run the command 'bigstart restart snmp' to restart snmp after creating or modifying SNMP v3 users. This results in encrypted passwords in the file.

Fix Information

Creating or modifying SNMP v3 users using the GUI or tmsh no longer adds passwords in plain text to the /config/net-snmp/snmpd.conf file. Now, passwords are encrypted.

Behavior Change