PT-2009-2492 · Aruba · Aruba Mobility Controller

Published

2009-08-21

Updated

2018-10-11

CVE-2008-7023

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Aruba Mobility Controller version 3.3.1.16

Description The issue allows remote attackers to bypass authentication because the same default X.509 certificate is installed for all installations. This is only considered a problem when the administrator fails to follow the recommendations outlined in the product's security documentation.

Recommendations For version 3.3.1.16, ensure that administrators follow the security documentation recommendations to avoid this issue. As a temporary workaround, consider regenerating or replacing the default X.509 certificate with a unique one to prevent authentication bypass.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2008-7023

Affected Products

Aruba Mobility Controller

PT-2009-2492 · Aruba · Aruba Mobility Controller

CVE-2008-7023

Weakness Enumeration

Related Identifiers

Affected Products

References · 5