Detect and Harden SNMP Weak Passwords on Windows, Linux, and Network Devices
This guide explains how to discover SNMP weak credentials using Nmap and snmputil, demonstrates exploitation techniques, and provides step‑by‑step hardening procedures for Windows, Linux, AIX, Solaris, and Cisco devices to improve network security.
SNMP Weak Passwords and Security Hardening
Weak password detection
nmap -sU -p161 --script=snmp-brute ip // Scan for SNMP weak passwordsWeak password exploitation
nmap -sU -p161 --script=snmp-netstat ip // Get network port status
nmap -sU -p161 --script=snmp-sysdescr ip // Retrieve system information
nmap -sU -p161 --script=snmp-win32-user ip // Enumerate user accountsOther exploitation methods
snmputil walk ip public.1.3.6.1.2.1.25.1.2 // List system processes
snmputil walk ip public.1.3.6.1.2.1.25.6.3 // List installed software
snmputil walk ip public.1.3.6.1.2.1.25.1.1 // List system information
snmputil get ip public.1.3.6.1.2.1.1.1 // Retrieve OID description
snmputil walk ip public.1.3.6.1.2.1.25.1.5 // List system usersSecurity hardening
Locate processes associated with open SNMP ports, determine whether they are business‑critical, and decide on mitigation:
If the service is unnecessary, close the port or kill the process.
If the service is required, replace the weak community string with a strong one and apply whitelist controls.
Configuring SNMP passwords
Windows
Method 1:
Start → Control Panel → Administrative Tools → Services → SNMP Service → Properties → Security
1. Change the community name (SNMP password)
2. Configure whitelist
3. Restart the service
Method 2:
Run → regedit
1. Modify the weak community string
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
Replace "public" with a strong password
2. Set whitelist
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagersLinux
Method 1:
1. Edit /etc/snmp/snmpd.conf to change the default "public" community string
2. Optionally enable iptables (note: may affect network performance)
3. Restart the SNMP serviceAIX
Default is SNMPv3. To use SNMPv1:
1. Switch version: /usr/sbin/snmpv3_ssw -1
2. Stop service: stopsrc -s snmpd
3. Backup and edit password: cp /etc/snmpd.conf /etc/snmpd.conf.bak; vi /etc/snmpd.conf
4. Restart service: startsrc -s snmpd
Alternative:
1. Stop service: stopsrc -s snmpd
2. Backup and edit: cp /etc/snmpdv3.conf /etc/snmpd.conf.bak; vi /etc/snmpdv3.conf
3. Restart service: startsrc -s snmpdSolaris
1. Edit /etc/sma/snmp/snmpd.conf and replace the "public" rocommunity with a strong password
2. Restart the SMA service:
svcadm disable sma
svcadm enable smaCisco
1. Enter configuration mode: configure terminal
2. Remove default communities:
no snmp-server community public RO
no snmp-server community private RW
3. Set new communities:
snmp-server community security_partNer_guest RO
snmp-server community security_partNer_admin RWSigned-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.