06-04-2014 07:37 AM
More details on Cupid can be found here:
Cupid is an attack that levearges the heartbleed vulnerability to attack connections made over EAP. It was meant as a proof that other types of TLS connectiosn are vulnerable, which is pretty apparent. Only versions of code affected by Heartbleed are vulnerable to Cupid. Please make sure that you are runing heartbleed safe code.
You can check the affected versions by reading the security bullitin released by Aruba.
Client devices are also vulnerable to the attack. Please ensure that none of the client devices on your network are running a vulnerable version of OpenSSL. That primarily applies to Android and Linux devices.