Vigil@nce - ArubaOS: bypassing 802.1X via Local Termination
April 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When EAP-TLS 802.1X uses the Local Termination mode, an attacker
can bypass the authentication and access to the service.
Severity: 2/4
Creation date: 20/03/2012
IMPACTED PRODUCTS
– Aruba Networks ArubaOS
DESCRIPTION OF THE VULNERABILITY
The 802.1X authentication is based on EAP (Extensible
Authentication Protocol), and uses an authentication server such
as RADIUS. The Local Termination mode does not require an
authentication server.
When EAP-TLS 802.1X uses the Local Termination mode, an attacker
can bypass the authentication and access to the service.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ArubaOS-bypassing-802-1X-via-Local-Termination-11461