Python Insecure SNMP Connection
Description
Detects insecure SNMP connections in Python code that uses the pysnmp library. SNMP provides remote management of network devices. SNMPv1 and SNMPv2c authenticate with a community string that travels in cleartext, and SNMPv3 can be configured with no authentication or encryption; using SNMP without these controls exposes system information and the credential itself to anyone on the network path, and a captured read-write community string lets an attacker change device configuration.
Detection Strategy
• Check whether the pysnmp library (pysnmp or pysnmp.hlapi) is imported in the Python code
• Look for instantiations of the authentication classes that are insecure by default, in particular CommunityData, which selects SNMPv1 or SNMPv2c and therefore sends the community string in cleartext
• Report a vulnerability when such a class is instantiated, or when the SNMPv3 class UsmUserData is used without both an authentication key and a privacy key (the noAuthNoPriv and authNoPriv security levels)
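The three steps above, as an added example that is not part of Fluid Attacks' rule or of pysnmp itself: a small detector built on Python's standard ast module. It gates on a pysnmp import, flags every CommunityData instantiation, and, as an assumption about what "proper security configuration" means, also flags UsmUserData calls that lack an authKey or privKey (the keyword names match pysnmp's UsmUserData signature). The four sample sources are constructed inline.

```python
import ast
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    line: int
    reason: str


def _imports_pysnmp(tree: ast.AST) -> bool:
    """Step 1: is pysnmp (or any submodule such as pysnmp.hlapi) imported?"""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] == "pysnmp" for alias in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] == "pysnmp":
                return True
    return False


def _call_name(call: ast.Call) -> Optional[str]:
    """Name of the callee for CommunityData(...) or hlapi.CommunityData(...)."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _is_set(node: Optional[ast.AST]) -> bool:
    """An argument counts as supplied only if present and not a literal None."""
    return node is not None and not (isinstance(node, ast.Constant) and node.value is None)


def scan_source(source: str) -> List[Finding]:
    """Steps 2 and 3: find insecure authentication objects and report them."""
    tree = ast.parse(source)
    findings: List[Finding] = []
    if not _imports_pysnmp(tree):
        return findings  # a class merely named CommunityData elsewhere is not pysnmp
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name == "CommunityData":
            findings.append(Finding(node.lineno, "CommunityData: SNMPv1/v2c, community string sent in cleartext"))
        elif name == "UsmUserData":
            # Assumed signature (pysnmp): UsmUserData(userName, authKey=None, privKey=None, ...)
            positional = list(node.args) + [None] * 3
            keywords = {kw.arg: kw.value for kw in node.keywords}
            has_auth = _is_set(positional[1]) or _is_set(keywords.get("authKey"))
            has_priv = _is_set(positional[2]) or _is_set(keywords.get("privKey"))
            if not (has_auth and has_priv):
                level = "authNoPriv" if has_auth else "noAuthNoPriv"
                findings.append(Finding(node.lineno, f"UsmUserData: SNMPv3 without authentication and privacy ({level})"))
    return findings


# Constructed sample inputs (not real project code).
VULNERABLE_SRC = '''\
from pysnmp.hlapi import CommunityData, SnmpEngine, UdpTransportTarget, getCmd
iterator = getCmd(SnmpEngine(), CommunityData("public"),
                  UdpTransportTarget(("router.example.com", 161)))
'''

NOAUTH_SRC = '''\
from pysnmp import hlapi
user = hlapi.UsmUserData("monitor")
'''

SECURE_SRC = '''\
from pysnmp.hlapi import UsmUserData, usmHMACSHAAuthProtocol, usmAesCfb128Protocol
user = UsmUserData("monitor", authKey="auth-passphrase-1", privKey="priv-passphrase-1",
                   authProtocol=usmHMACSHAAuthProtocol, privProtocol=usmAesCfb128Protocol)
'''

UNRELATED_SRC = '''\
class CommunityData:
    pass
data = CommunityData()
'''

if __name__ == "__main__":
    for label, src in [("vulnerable", VULNERABLE_SRC), ("noauth", NOAUTH_SRC),
                       ("secure", SECURE_SRC), ("unrelated", UNRELATED_SRC)]:
        print(label, scan_source(src))
```

The import gate matters: without it, any class that happens to be called CommunityData would be reported. The UsmUserData check treats a missing or explicit None key as absent, which is how pysnmp falls back to the noAuthNoPriv and authNoPriv levels.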
Vulnerable code example
from pysnmp.hlapi import CommunityData, ContextData, SnmpEngine, UdpTransportTarget, getCmd, ObjectType, ObjectIdentity

# VULNERABLE: Uses SNMPv2c with cleartext community string
iterator = getCmd(
    SnmpEngine(),
    CommunityData("public"),  # Transmits community string in cleartext; anyone sniffing the path can replay it
    UdpTransportTarget(("router.example.com", 161)),
    ContextData(),
    ObjectType(ObjectIdentity("SNMPv2-MIB", "sysDescr", 0)),
)
errorIndication, errorStatus, errorIndex, varBinds = next(iterator)
✅ Secure code example
import os

from pysnmp.hlapi import (
    ContextData, ObjectIdentity, ObjectType, SnmpEngine, UdpTransportTarget, UsmUserData, getCmd,
    usmHMACSHAAuthProtocol,  # SHA-based authentication rather than MD5
    usmAesCfb128Protocol,  # AES is more secure than DES
)

# SECURE: SNMPv3 with authentication and privacy (authPriv); passphrases come from the environment, not source
iterator = getCmd(
    SnmpEngine(),
    UsmUserData("monitor", authKey=os.environ["SNMP_AUTH_KEY"], privKey=os.environ["SNMP_PRIV_KEY"],
                authProtocol=usmHMACSHAAuthProtocol, privProtocol=usmAesCfb128Protocol),
    UdpTransportTarget(("router.example.com", 161)),
    ContextData(),
    ObjectType(ObjectIdentity("SNMPv2-MIB", "sysDescr", 0)),
)
errorIndication, errorStatus, errorIndex, varBinds = next(iterator)