Aruba Mobility Controller Shared Default Certificate

2008.09.24
Credit: nnposter
Risk: High
Local: No
Remote: Yes
CWE: CWE-310


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Product: Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php

Aruba mobility controllers use X.509 certificates to protect access to the web management interface and to provide secure wireless authentication, such as EAP-TLS, TTLS, PEAP, and the Aruba-specific Captive Portal.

By default the controller uses a built-in certificate that is shared by all deployed units across all customers. Administrators are not forced to generate a new, deployment-specific key pair to replace this shared one. Since the corresponding private key is not protected in any particular way, a party with access to one controller can retrieve the private key and use it to impersonate the web management interface or the wireless authentication endpoints of any other deployment that still presents the same certificate. The shared certificate therefore provides no assurance of the identity of any individual controller.

The latest such certificate is serial number 386929, issued by Equifax Secure Certificate Authority and expiring Jun 30, 2011.

The vulnerability has been identified in ArubaOS version 3.3.1.16, but all previous versions are also likely affected.

Solution: Replace the default certificate with a new key pair that is unique to the deployment, and confirm that the management interface, Captive Portal and EAP termination all present the replacement rather than the built-in certificate.

Found by: nnposter
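The quickest way to tell whether a controller still presents the shared certificate is to pull the certificate it serves and compare the serial number and issuer against the values quoted in the advisory. The following Python script is an added example written for this page, not code from the advisory or from Aruba: it fetches the live certificate without validation (a shared or mismatched certificate is exactly what it is looking for), walks the DER tbsCertificate with a minimal parser to read the serial, issuer and notAfter fields, and flags the shared default certificate and an expired certificate as separate findings. It assumes the advisory's serial 386929 is decimal (openssl would print it as 05E771) and that the issuer string appears literally in the issuer DN. The DER encoder and `build_sample_cert` only exist to construct a certificate-shaped sample for offline use; the sample is not a real certificate.

```python
import ssl
from datetime import datetime, timezone

# Values quoted in the advisory. The serial is read as decimal (an assumption);
# it is compared as an integer so the hex form tools print (05E771) is irrelevant.
SHARED_DEFAULT_SERIAL = 386929
SHARED_DEFAULT_ISSUER = b"Equifax Secure Certificate Authority"


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos] (single-byte tags, which is
    all X.509 uses). Returns (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _parse_time(tag, val):
    """UTCTime (tag 0x17, YYMMDDHHMMSSZ) or GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    s = val.decode("ascii")
    if tag == 0x17:
        yy = int(s[:2])
        s = f"{yy + (1900 if yy >= 50 else 2000)}{s[2:]}"   # RFC 5280 century pivot
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_cert_basics(der):
    """Walk tbsCertificate in order ([0] version, serial, sigAlg, issuer,
    validity) and return (serial, raw issuer Name bytes, notAfter)."""
    _, cert, _ = _read_tlv(der, 0)           # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)           # tbsCertificate ::= SEQUENCE
    tag, val, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                          # EXPLICIT [0] version is optional
        tag, val, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not where expected")
    serial = int.from_bytes(val, "big", signed=True)
    _, _, pos = _read_tlv(tbs, pos)          # signature AlgorithmIdentifier
    _, issuer, pos = _read_tlv(tbs, pos)     # issuer Name
    _, validity, _ = _read_tlv(tbs, pos)     # validity ::= SEQUENCE { notBefore, notAfter }
    _, _, vpos = _read_tlv(validity, 0)
    ttag, tval, _ = _read_tlv(validity, vpos)
    return serial, issuer, _parse_time(ttag, tval)


def assess(der, now=None):
    """Return (serial, findings): the shared default certificate and an
    expired certificate are reported as separate findings."""
    serial, issuer, not_after = parse_cert_basics(der)
    findings = []
    if serial == SHARED_DEFAULT_SERIAL and SHARED_DEFAULT_ISSUER in issuer:
        findings.append("shared Aruba default certificate (serial 386929)")
    if not_after < (now or datetime.now(timezone.utc)):
        findings.append(f"certificate expired {not_after:%Y-%m-%d}")
    return serial, findings


def check_host(host, port=443):
    """Fetch whatever certificate the controller presents (deliberately
    without validation) and assess it."""
    pem = ssl.get_server_certificate((host, port))
    return assess(ssl.PEM_cert_to_DER_cert(pem))


def _tlv(tag, body):
    """Tiny DER encoder, used only to build the constructed sample below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def build_sample_cert(serial, issuer_ou, not_after_utctime):
    """Constructed, certificate-shaped DER covering only the fields the parser
    reads. Not a real certificate: no key, no signature, nothing after validity."""
    version = _tlv(0xA0, _tlv(0x02, b"\x02"))
    serial_tlv = _tlv(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    sig_alg = _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"))  # sha1WithRSA
    ou = _tlv(0x30, _tlv(0x06, b"\x55\x04\x0b") + _tlv(0x13, issuer_ou))      # OU=<issuer_ou>
    issuer = _tlv(0x30, _tlv(0x31, ou))
    validity = _tlv(0x30, _tlv(0x17, b"080101000000Z") + _tlv(0x17, not_after_utctime))
    return _tlv(0x30, _tlv(0x30, version + serial_tlv + sig_alg + issuer + validity))


if __name__ == "__main__":
    import sys
    print(check_host(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it as `python3 check_aruba_cert.py <controller-ip> [port]` against the management interface and the Captive Portal listener. Any controller that reports the shared serial is still using the built-in key pair and should have a unique certificate installed; because the shared certificate's validity ended in 2011, a hit today will also carry the expired finding.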

References:

http://www.securityfocus.com/bid/31336
http://www.securityfocus.com/archive/1/archive/1/496622/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/496604/100/0/threaded
http://osvdb.org/51731

