Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Aruba WLC v8.5 VAPT Remediation

  • 1.  Aruba WLC v8.5 VAPT Remediation

    Posted Oct 13, 2021 11:01 PM
    Hi, recently our client performed a VAPT:

    FTP Server - Medium Severity [FTP was not built to be secure. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption.]
    TLS 1.1 enabled - Low Severity [It is recommended to disable TLS 1.1 and replace it with TLS 1.2 or higher]
    TLS Version One Enabled - Low Severity [TLS Version 1.0 is enabled on the web server at the following port: 4343, 8081, & 8082]
    SSL/TLS Mismatch - Medium Severity [A certificate mismatch was found on port: 4343, 8081, & 8082]
    Version Disclosure (Generic) - Low Severity [The FTP software and version was included during banner grabbing.]
    Host Header Poisoning - Low Severity [The web server accepted arbitrary host headers at https://xxx.xxx.xxx.1.]

    Already found the FTP Server and TLS via documents. I believe the SSL/TLS Mismatch is Certificate Loading on the WLC.

    Appreciate if you have insight on this. Can't share the document due to confidentiality.


  • 2.  RE: Aruba WLC v8.5 VAPT Remediation

    Posted Oct 14, 2021 06:02 AM
    Please check the ArubaOS Hardening Guide for common observations in vulnerability scans, and the recommended remediation or false positives. Note that all-but-one are low severity and may not be applicable within the context of your deployment.

    Aruba Support, or your local Aruba SE, may be available to check the relevant sections of the report with you, if you can share it under confidentiality with them.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
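
A re-test helper for the TLS 1.0/1.1 and certificate findings listed in the first post, added here as an example (it is not from the thread or from Aruba documentation). The ports are the ones named in the report; the address `192.0.2.1`, the name `wlc.example.net` and all function names are placeholders chosen for illustration.

```python
import socket
import ssl
import warnings

PORTS = (4343, 8081, 8082)  # ports named in the scan findings
LEGACY = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1}

def probe(host, port, version, timeout=3.0):
    """Offer exactly one TLS version: accepted / refused / unreachable / untestable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # a closed or filtered port is not proof of a fix
    with sock:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # only the protocol version is under test
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx.minimum_version = ctx.maximum_version = version
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # OpenSSL 3 needs level 0 for TLS 1.0/1.1
        except (ValueError, ssl.SSLError):
            return "untestable"  # the local OpenSSL build cannot offer this version
        try:
            with ctx.wrap_socket(sock):
                return "accepted"
        except OSError:  # ssl.SSLError is a subclass of OSError
            return "refused"

def cert_check(host, port, expected_name, timeout=3.0):
    """'ok', or the reason verification failed (name mismatch, untrusted issuer, ...)."""
    ctx = ssl.create_default_context()  # system trust store, hostname checking on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=expected_name):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
    except ssl.SSLError as exc:
        return f"handshake failed: {exc.reason}"
    except OSError:
        return "unreachable"

def retest(host, expected_name, ports=PORTS):
    """One row per port: legacy-version probes plus the certificate check."""
    return {p: {**{k: probe(host, p, v) for k, v in LEGACY.items()},
                "certificate": cert_check(host, p, expected_name)} for p in ports}

if __name__ == "__main__":
    for port, row in retest("192.0.2.1", "wlc.example.net").items():  # placeholders
        print(port, row)
```

A result of `unreachable` or `untestable` is inconclusive and should not be recorded as a pass for the finding.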