Aruba Mobility Controller TACACS Authentication Bug Lets Remote Users Gain Administrative Access

SecurityTracker Alert ID: 1020032
SecurityTracker URL: http://securitytracker.com/id?1020032
CVE Reference: CVE-2008-2273
Updated: Jun 2 2008
Original Entry Date: May 15 2008
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.1.x, 3.2.x, and 3.3.x

Description: A vulnerability was reported in Aruba Mobility Controller. A remote user can gain administrative access on the target application.
When TACACS authentication is used for Controller management users, a remote user can exploit a flaw in the TACACS authentication module to gain access to an administrative account.

Impact: A remote user can gain administrative access on the target application.

Solution: The vendor has issued a patch, available at:
http://www.arubanetworks.com/support
The vendor's advisory is available at:
http://www.arubanetworks.com/support/alerts/aid-051408.asc

Vendor URL: www.arubanetworks.com/support/alerts/aid-051408.asc
Cause: Authentication error
Underlying OS: Windows (Any)

Message History:
None.

Source Message Contents

Date: Thu, 15 May 2008 11:37:24 -0400
Subject: Aruba Mobility Controller

http://www.arubanetworks.com/support/alerts/aid-051408.asc