Aruba Mobility Controller Shared Default Certificate

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Aruba Mobility Controller Shared Default Certificate
From: nnposter@xxxxxxxxxxxxx
Date: 23 Sep 2008 03:51:58 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Aruba Mobility Controller Shared Default Certificate


Product:

Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php


Aruba mobility controllers use X.509 certificates to protect access to the web 
management interface and to provide secure wireless authentication, such as 
TLS, TTLS, PEAP, and Aruba-specific Captive Portal. By default the controller 
uses a built-in certificate that is shared by all deployed units across all 
customers. Administrators are not forced to generate new, 
implementation-specific key pairs to replace this shared one.

Since the corresponding private key is not protected in any particular way it 
is possible for a party with access to one of the controllers to retrieve the 
private key and abuse it to compromise other implementations.

The latest such certificate is serial number 386929 issued by Equifax Secure 
Certificate Authority, expiring Jun 30, 2011.

The vulnerability has been identified in ArubaOS version 3.3.1.16 but all 
previous versions are also likely affected.


Solution:
Replace the default certificate with a new key pair that is unique for the 
implementation.


Found by:
nnposter

Prev by Date: Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
Next by Date: Xss In Datalife Engine CMS 7.2
Previous by thread: Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
Next by thread: Xss In Datalife Engine CMS 7.2
Index(es):
- Date
- Thread