This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

View the SNMP community string in on-prem Credentials

lkeyes
Engaged Sweeper III

‎03-24-2023 07:07 PM - last edited on ‎04-02-2024 11:25 AM by Community Manager

Hi....looking to disentangle our SMTP credentials as it looks as if we have multiple credentials for the same asset.  Is it possible to recover, or view the community strings for existing credentials....  The checkbox shown below when creating a new credential is not available when I'm viewing existing ones. 

lkeyes_1-1679681200348.png

 

lkeyes_0-1679681008874.png

 

Labels:
0 Kudos
3 REPLIES 3
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

‎03-30-2023 10:06 AM

Hello there!

The passwords of submitted credentials are always encrypted prior to being added to your database, the same database that also stores scanned and other data. Once submitted, the passwords are no longer visible in plain text in the web console or database itself.

 

For more information you can refer to this KB article: https://community.lansweeper.com/t5/installation/credential-and-database-security-in-lansweeper/ta-p...

0 Kudos
lkeyes
Engaged Sweeper III
In response to Obi_1_Cinobi

‎03-30-2023 03:25 PM

Hi..Obi.....  fair enough.   Many thanks for your reply.  Just trying to think this through further... 

Since the knowledgebase article gives the location of the encryption key on the server.... and that key is shown in plain text...  is that not a vulnerabilty....as in fact by the known location and plain text, it is a "public" key?    Does this not represent a vulnerability that is at least as critical as being able to edit/view the community string in an SNMP credential by an authorized administrator? 

0 Kudos
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support
In response to lkeyes

‎03-31-2023 02:28 PM

Hello there!

This encryption key is indeed stored in a file on the Lansweeper server, making it impossible for anyone to decrypt your credentials unless the Lansweeper server itself is already compromised. Additionally, you would need to "find out" how to reverse the encryption.

We would recommend visiting our trust center for more information regarding security and compliance: https://www.lansweeper.com/trust/

Should you still have questions about security and compliance after visiting our trust center, don't hesitate to contact our security team directly, as they are best suited to answer your questions.

Our security team can be contacted via email: security@lansweeper.com

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now