Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - ArubaOS: bypassing 802.1X via Local Termination

April 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When EAP-TLS 802.1X uses the Local Termination mode, an attacker
can bypass the authentication and access to the service.

Severity: 2/4

Creation date: 20/03/2012

IMPACTED PRODUCTS

 Aruba Networks ArubaOS

DESCRIPTION OF THE VULNERABILITY

The 802.1X authentication is based on EAP (Extensible
Authentication Protocol), and uses an authentication server such
as RADIUS. The Local Termination mode does not require an
authentication server.

When EAP-TLS 802.1X uses the Local Termination mode, an attacker
can bypass the authentication and access to the service.

Technical details are unknown.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/ArubaOS-bypassing-802-1X-via-Local-Termination-11461


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts