Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - ArubaOS: bypassing 802.1X via Local Termination

April 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When EAP-TLS 802.1X uses the Local Termination mode, an attacker can bypass the authentication and access to the service.

Severity: 2/4

Creation date: 20/03/2012

IMPACTED PRODUCTS

- Aruba Networks ArubaOS

DESCRIPTION OF THE VULNERABILITY

The 802.1X authentication is based on EAP (Extensible Authentication Protocol), and uses an authentication server such as RADIUS. The Local Termination mode does not require an authentication server.

When EAP-TLS 802.1X uses the Local Termination mode, an attacker can bypass the authentication and access to the service.

Technical details are unknown.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/A...




See previous articles

    

See next articles