Controllerless Networks

Reply
Occasional Contributor I

AP 6.2.0.0-3.2.0.4_38110 vulnerability

Hello.
I installed a new set of Aruba 105's at a remote office running Corporate access with Radius Auth and Guest access with password Auth, both on separate non-routed vlans. The Version is 6.2.0.0-3.2.0.4_38110.

We also have the identical setup at our main office running Version 6.1.3.4-3.1.0.1_35899.

A pen tester found that if you authenticate to the remote office guest wireless, then revisit the url a few times (https://securelogin.arubanetworks.com/swarm.cgi?opcode=cp_generate&orig_url=687474703a2f2f736c617368646f742e6f72672f).
The config, including Admin user/password and Radius password are displayed in plain text.

Then - very scary, if you go to the URL https://securelogin.arubanetworks.com/#home (dispite being on a separarte vlan) you get the contoller home page, which you can log in to with the previously found admin user/pass.

This was mitigated by simply going to Settings>General>Deny inter user bridging - Enable and Deny local routing - Enable.

At our main office (Version 6.1.3.4-3.1.0.1_35899) these settings are Disabled, but I am unable to replicate the issue here. So it must be a vulnerability with 6.2.0.0-3.2.0.4_38110.

Has anyone come across this vulnerability before and know if it is fixed in later versions?

Thanks

Guru Elite

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

You are running very old code.  Please upgrade to the latest, which has the fix.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

Its not that old, the 105's were purchased a few months ago and shipped with this version. We are running a much older version without this vulnerability. Do you know if this vulnerability is documented anywhere?

 

Julian

Super Contributor II

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

It always be good to go with latest version. You may try the latest and do share here if problem remain the same.
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: