It has been observed that SNMP credentials (such as community strings, SNMPv3 authentication/privacy keys, and SSH credentials) are retrievable in a readable format through authenticated API access.
This behavior represents a significant security vulnerability, as sensitive credentials should never be exposed in plaintext. If the exposed credentials have Read-Write privileges, an attacker who gains API access could potentially modify device configurations, disrupt services, or compromise the integrity of managed systems.
As a security best practice, all sensitive credentials should be encrypted at rest and should not be retrievable in a user-readable format through any API response. Where credential validation is required, mechanisms such as secure storage, tokenization, hashing (where applicable), or masked values should be implemented instead of returning the actual credentials.
We recommend remediating this issue by ensuring that sensitive credentials are securely encrypted and inaccessible in plaintext to users and API consumers.
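One way to apply the masking and hashing recommendation above at the API serialization layer, as an added example that is not code from the product in question. The field names, `redact`, `fingerprint`, `matches` and the sample record are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical field names; map these to the real credential schema.
SENSITIVE_FIELDS = {"community", "authpass", "cryptopass", "ssh_password", "ssh_private_key"}
MASK = "********"


def fingerprint(secret: str, server_key: bytes) -> str:
    """Keyed HMAC-SHA256 tag: identifies a value without revealing it."""
    return hmac.new(server_key, secret.encode("utf-8"), hashlib.sha256).hexdigest()


def redact(record, server_key: bytes):
    """Return a copy of an API record with sensitive values masked, recursing into nested data."""
    if isinstance(record, list):
        return [redact(item, server_key) for item in record]
    if not isinstance(record, dict):
        return record
    out = {}
    for key, value in record.items():
        if key.lower() in SENSITIVE_FIELDS and isinstance(value, str) and value:
            out[key] = {"masked": MASK, "fingerprint": fingerprint(value, server_key)}
        else:
            out[key] = redact(value, server_key)
    return out


def matches(candidate: str, stored_fingerprint: str, server_key: bytes) -> bool:
    """Server-side validation: constant-time comparison against the stored tag."""
    return hmac.compare_digest(fingerprint(candidate, server_key), stored_fingerprint)


# Constructed sample record, not taken from any real device.
SAMPLE = {
    "hostname": "sw-core-01",
    "snmpver": "v3",
    "community": "example-rw-string",
    "v3": {"authname": "monitor", "authpass": "example-auth-key", "cryptopass": ""},
}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a real key is loaded from a secrets store
    print(redact(SAMPLE, key))
```

Identical secrets produce identical fingerprints, so the tags reveal which devices share a credential; mix a per-record salt into the HMAC input if that is a concern.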