The SNMP Engine ID is a unique identification for every SNMP agent in your network. At the factory, SNMPv3 devices should be programmed to generate a unique SNMP Engine ID value that may be customized by the network administrator. Some SNMPv3 devices may be initialized at the factory with a fixed, non-unique SNMP Engine ID value, and this MUST be changed to a unique value by the network administrator.
The SNMP Engine ID is an important part of SNMPv3 security. The SNMP Engine ID value is included in the mathematical computation that transforms an SNMPv3 user's pass phrase into a localized key. Because the SNMP Engine ID is unique on every device in the network, the localized keys are unique on every device in the network. Thus, if an attacker is able to figure out the keys on one device and take over its functions, the other devices in the network are still secure.
If the SNMP Engine ID is the same on two or more devices in your network, then the same set of keys can be used to access all of those devices with SNMPv3. An attacker might successfully discover the keys of one device by a variety of methods, including a brute-force attack. That is a lot of work for just one device, but if it succeeds, the attacker now also has control of all of the other devices that share the same SNMP Engine ID and user name. Having the same SNMP Engine ID on multiple devices is a serious vulnerability!
SNMP Security Analyzer finds the devices in your network that have the same SNMP Engine ID value. At the earliest opportunity, you should reconfigure all of the devices identified in this report. By changing the SNMP Engine ID in each device to a unique value, you remove the vulnerability before it is exploited by an attacker.
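The key localization described above, and the duplicate-Engine-ID check the analyzer performs, as an added Python example (not code from SNMP Security Analyzer): it implements the RFC 3414 password-to-key and key-localization steps with hashlib, runs them over a constructed device inventory, and reports which devices share an Engine ID and therefore end up with the same localized key for the same user.

```python
import hashlib
from collections import defaultdict

ONE_MEGABYTE = 1_048_576  # RFC 3414 A.2 hashes exactly this many bytes of the repeated pass phrase

def password_to_key(password: bytes, algorithm: str = "md5") -> bytes:
    """RFC 3414 A.2.1 / A.2.2: derive the non-localized key Ku from a pass phrase."""
    repeats = ONE_MEGABYTE // len(password) + 1
    return hashlib.new(algorithm, (password * repeats)[:ONE_MEGABYTE]).digest()

def localize_key(ku: bytes, engine_id: bytes, algorithm: str = "md5") -> bytes:
    """RFC 3414 A.2.1 / A.2.2: Kul = H(Ku || snmpEngineID || Ku). This is where the Engine ID enters."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()

def localized_keys(password: bytes, devices: dict, algorithm: str = "md5") -> dict:
    """Localized key that one user's pass phrase produces on each device (name -> Kul)."""
    ku = password_to_key(password, algorithm)
    return {name: localize_key(ku, eid, algorithm) for name, eid in devices.items()}

def find_duplicate_engine_ids(devices: dict) -> dict:
    """Group device names by Engine ID and keep only IDs shared by more than one device."""
    groups = defaultdict(list)
    for name, eid in devices.items():
        groups[eid].append(name)
    return {eid: names for eid, names in groups.items() if len(names) > 1}

# Constructed inventory (sample values, not real devices): two switches still
# carry the same factory-default Engine ID, the router has a unique one.
SAMPLE_DEVICES = {
    "switch-a": bytes.fromhex("800000000000000000000001"),
    "switch-b": bytes.fromhex("800000000000000000000001"),  # duplicate of switch-a
    "router-c": bytes.fromhex("80000000000000000000c0a8"),
}

if __name__ == "__main__":
    keys = localized_keys(b"maplesyrup", SAMPLE_DEVICES)  # same user pass phrase everywhere
    for name, kul in keys.items():
        print(f"{name}: Kul = {kul.hex()}")
    for eid, names in find_duplicate_engine_ids(SAMPLE_DEVICES).items():
        print(f"Engine ID {eid.hex()} shared by {names}: identical localized key, reconfigure")
```

The test vectors from RFC 3414 A.3 ("maplesyrup" with Engine ID 00..02) can be used to confirm the two derivation steps before trusting the report.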