Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and CVE-2016-2118

  • 1.  ClearPass and CVE-2016-2118

    Posted Apr 13, 2016 01:22 PM

    ClearPass uses Samba internally, which is affected by security advisory CVE-2016-2118 (aka "Badlock").

    According to Red Hat:

    "An Active Directory infrastructure with a Samba server as a domain member is vulnerable to this flaw, as a man-in-the-middle attacker could intercept traffic between the domain member and the domain controller to impersonate the client and get the same privileges as the authenticated user account."

    We need guidance from Aruba on what steps they are taking to resolve this within the ClearPass product and how long the wait will be.

    Thanks.



  • 2.  RE: ClearPass and CVE-2016-2118

    EMPLOYEE
    Posted Apr 13, 2016 01:29 PM

    Hi Bruce,

    I have to have engineering check on this one.

    In future, can you send security vulnerability questions to sirt@arubanetworks.com so that the right folks see these types of questions immediately? Details on this email address and security policies in general are posted here: http://www.arubanetworks.com/support-services/security-bulletins/

    Best regards,

    Madani



  • 3.  RE: ClearPass and CVE-2016-2118

    EMPLOYEE
    Posted Apr 16, 2016 05:15 PM

    Bruce,

    I wanted to drop you a note to let you know we have not forgotten you. Our security team is involved and continues to investigate.

    Best regards,

    Madani



  • 4.  RE: ClearPass and CVE-2016-2118

    EMPLOYEE
    Posted Apr 22, 2016 10:02 PM

    Bruce,

    We've posted the SAMR and LSA man-in-the-middle attacks ("BADLOCK") advisory. Please let me know if you have any questions.

    Best regards,

    Madani



  • 5.  RE: ClearPass and CVE-2016-2118

    Posted Apr 25, 2016 11:05 AM

    Thank you for keeping on top of this. Good to see such a quick turnaround.