Controllerless Networks

Reply
Occasional Contributor I

AP 6.2.0.0-3.2.0.4_38110 vulnerability

Hello.
I installed a new set of Aruba 105's at a remote office running Corporate access with Radius Auth and Guest access with password Auth, both on separate non-routed vlans. The Version is 6.2.0.0-3.2.0.4_38110.

We also have the identical setup at our main office running Version 6.1.3.4-3.1.0.1_35899.

A pen tester found that if you authenticate to the remote office guest wireless, then revisit the url a few times (https://securelogin.arubanetworks.com/swarm.cgi?opcode=cp_generate&orig_url=687474703a2f2f736c617368646f742e6f72672f).
The config, including Admin user/password and Radius password are displayed in plain text.

Then - very scary, if you go to the URL https://securelogin.arubanetworks.com/#home (dispite being on a separarte vlan) you get the contoller home page, which you can log in to with the previously found admin user/pass.

This was mitigated by simply going to Settings>General>Deny inter user bridging - Enable and Deny local routing - Enable.

At our main office (Version 6.1.3.4-3.1.0.1_35899) these settings are Disabled, but I am unable to replicate the issue here. So it must be a vulnerability with 6.2.0.0-3.2.0.4_38110.

Has anyone come across this vulnerability before and know if it is fixed in later versions?

Thanks

Guru Elite

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

You are running very old code.  Please upgrade to the latest, which has the fix.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

Its not that old, the 105's were purchased a few months ago and shipped with this version. We are running a much older version without this vulnerability. Do you know if this vulnerability is documented anywhere?

 

Julian

Super Contributor II

Re: AP 6.2.0.0-3.2.0.4_38110 vulnerability

It always be good to go with latest version. You may try the latest and do share here if problem remain the same.
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: