Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7023

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-7023
Last Modified 27 Aug 2009 12:00:00
Published 21 Aug 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7023

Summary

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Vulnerable Systems

Operating System

  • Arubanetworks Arubaos 3.3.1.16


References

BID - 31336

BUGTRAQ - 20080923 Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks

BUGTRAQ - 20080923 Aruba Mobility Controller Shared Default Certificate

OSVDB - 51731


Last Updated: 27 May 2016 10:49:26