Bugtraq mailing list archives

Aruba Mobility Controller Shared Default Certificate
From: nnposter () disclosed not
Date: 23 Sep 2008 03:51:58 -0000

Aruba Mobility Controller Shared Default Certificate


Product:

Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php


Aruba mobility controllers use X.509 certificates to protect access to the web management interface and to provide 
secure wireless authentication, such as TLS, TTLS, PEAP, and Aruba-specific Captive Portal. By default the controller 
uses a built-in certificate that is shared by all deployed units across all customers. Administrators are not forced to 
generate new, implementation-specific key pairs to replace this shared one.

Since the corresponding private key is not protected in any particular way, it is possible for a party with access to 
one of the controllers to retrieve the private key and abuse it to compromise other implementations.

The latest such certificate is serial number 386929 issued by Equifax Secure Certificate Authority, expiring Jun 30, 
2011.

The vulnerability has been identified in ArubaOS version 3.3.1.16, but all previous versions are also likely affected.


Solution:
Replace the default certificate with a new key pair that is unique for the implementation.


Found by:
nnposter
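
Added example, not part of the original advisory: a small audit that flags controllers still presenting the shared default certificate and groups units that present the same certificate. It reads the text printed by `openssl x509 -noout -serial -issuer -fingerprint` for each controller; the host names and fingerprints are constructed, and because the advisory does not say whether serial 386929 is decimal or hex, both readings are accepted as an assumption.

```python
from collections import defaultdict

# Identifiers from the advisory. It does not say whether 386929 is decimal or
# hex, so both readings are accepted (assumption of this example).
DEFAULT_SERIALS = {386929, 0x386929}
DEFAULT_ISSUER = "equifax secure certificate authority"

def parse_openssl(text):
    """Parse output of: openssl x509 -noout -serial -issuer -fingerprint"""
    cert = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep:
            continue
        if key == "serial":
            cert["serial"] = int(value, 16)      # openssl prints the serial in hex
        elif key == "issuer":
            cert["issuer"] = value.lower()       # DN layout differs between openssl versions
        elif key.endswith("fingerprint"):
            cert["fingerprint"] = value.replace(":", "").lower()
    return cert

def audit(outputs):
    """outputs maps host -> openssl text. Returns (default_hosts, shared_fingerprints)."""
    default_hosts, by_fp = [], defaultdict(list)
    for host in sorted(outputs):
        cert = parse_openssl(outputs[host])
        if cert.get("serial") in DEFAULT_SERIALS and DEFAULT_ISSUER in cert.get("issuer", ""):
            default_hosts.append(host)
        if "fingerprint" in cert:
            by_fp[cert["fingerprint"]].append(host)
    # One fingerprint on several units means they share a private key.
    shared = {fp: hosts for fp, hosts in by_fp.items() if len(hosts) > 1}
    return default_hosts, shared

# Constructed sample input (hypothetical hosts, shortened fake fingerprints).
SAMPLE = {
    "ctrl-a.example": "serial=05E771\nissuer=C = US, O = Equifax, OU = Equifax Secure Certificate Authority\nSHA1 Fingerprint=0A:0A:0A:0A",
    "ctrl-b.example": "serial=05E771\nissuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority\nSHA1 Fingerprint=0A:0A:0A:0A",
    "ctrl-c.example": "serial=1F03\nissuer=CN = Example Internal CA\nSHA1 Fingerprint=0B:0B:0B:0B",
}

if __name__ == "__main__":
    defaults, shared = audit(SAMPLE)
    print("default certificate:", defaults)
    print("shared fingerprints:", shared)
```

Any controller reported in either result should have its certificate replaced with a key pair generated for that deployment, as the Solution section states.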

