NPM SNMP Polling supports SHA256 and SHA512 from 2022.3, but the same is not supported for SNMP Traps
As per NPM Doc - When you use SNMPv3 for polling a device and receive traps from it, confirm that the same authentication type (auth, noauth, or priv) is configured for both polling and traps.
The usage of MD5 and SHA1 is heavily discouraged by security practices in our organisation.
As per support case (Case # - 01569794) raised by us, we have been advised that Solarwinds uses a third party software (IPWorks SNMP of 9.0.5077 version from 2014) to process incoming SNMP Traps.
We would like to see some urgent action taken by the product team to address this issue as the current state does not align to the - "Secure by Design" philosophy advocated by solarwinds.
Usage of older protocol introduces unnecessary security risk.
Top Comments