TUCoPS :: Network Appliances :: bx1315.htm

Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207
Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207
Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207


This is a multi-part message in MIME format.

------_=_NextPart_001_01C84F2B.7512F5B7
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Aruba Networks Security Advisory

Title: Aruba Mobility Controller User Authentication Vulnerability
Aruba Advisory ID: AID-122207
Revision: 1.0

Please see attached PGP signed file for details of the vulnerability.


-Robbie

---------------------
Robbie Gill
Aruba Networks
rgill@arubanetworks.com 
----------------------

------_=_NextPart_001_01C84F2B.7512F5B7
Content-Type: text/plain;
	name="AID-122207.txt"
Content-Transfer-Encoding: base64
Content-Description: AID-122207.txt
Content-Disposition: attachment;
	filename="AID-122207.txt"

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMQ0KDQoNCkFydWJh
IE5ldHdvcmtzIFNlY3VyaXR5IEFkdmlzb3J5DQoNClRpdGxlOiBBcnViYSBNb2JpbGl0eSBDb250
cm9sbGVyIFVzZXIgQXV0aGVudGljYXRpb24gVnVsbmVyYWJpbGl0eQ0KQXJ1YmEgQWR2aXNvcnkg
SUQ6IEFJRC0xMjIyMDcNClJldmlzaW9uOiAxLjANCg0KRm9yIFB1YmxpYyBSZWxlYXNlIG9uIDEy
LzIyLzIwMDcNCg0KDQoNClNVTU1BUlkNCg0KQSB1c2VyIGF1dGhlbnRpY2F0aW9uIHZ1bG5lcmFi
aWxpdHkgd2FzIGRpc2NvdmVyZWQgZHVyaW5nIHN0YW5kYXJkIGJ1Zw0KcmVwb3J0aW5nIHByb2Nl
ZHVyZXMgaW4gdGhlIEFydWJhIE1vYmlsaXR5IENvbnRyb2xsZXIuICBUaGlzDQp2dWxuZXJhYmls
aXR5IGFmZmVjdHMgY3VzdG9tZXJzIHVzaW5nIHZlcnNpb25zIGF0IG9yIGJlbG93IDIuMy42LjE1
LA0KMi41LjIuMTEsIDIuNS40LjI1LCAyLjUuNS43LCAzLjEuMS4zLCBhbmQgMi40LjguMTEtRklQ
UyB1c2luZyBMREFQDQphdXRoZW50aWNhdGlvbiBmb3IgbWFuYWdlbWVudCBhbmQgVlBOIChQQVAt
TDJUUCkgdXNlcnMuDQoNCg0KREVUQUlMUw0KDQpBcnViYSBNb2JpbGl0eSBDb250cm9sbGVycyBt
YXkgdXNlIGV4dGVybmFsIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMgdG8NCmF1dGhlbnRpY2F0ZSBh
ZG1pbmlzdHJhdGl2ZSBhbmQgVlBOIHVzZXJzLiAgQSB2dWxuZXJhYmlsaXR5IGluIHRoZQ0KTERB
UCBhdXRoZW50aWNhdGlvbiBjb21wb25lbnQgbWF5IGFsbG93IHVuYXV0aG9yaXplZCB1c2Ugb2YN
CkxEQVAtYXV0aGVudGljYXRlZCBhZG1pbmlzdHJhdGl2ZSBhbmQgUEFQLUwyVFAgdXNlcnMuICBM
REFQIGlzIG5vdCB0aGUNCmRlZmF1bHQgYXV0aGVudGljYXRpb24gbWV0aG9kIGFuZCBtdXN0IGJl
IGNvbmZpZ3VyZWQgYXMgYW4NCmF1dGhlbnRpY2F0aW9uIG1ldGhvZCBmb3IgdXNlcnMgYmVmb3Jl
IGl0IHdpbGwgYmUgdXNlZC4gIEJ5IGRlZmF1bHQsDQphZG1pbmlzdHJhdGl2ZSB1c2VyIGFjY291
bnRzIGFuZCBwYXNzd29yZHMgYXJlIGtlcHQgaW4gYSBsb2NhbA0KZGF0YWJhc2Ugd2hpY2ggaXMg
bm90IHZ1bG5lcmFibGUgdG8gdGhpcyBkZWZlY3QuICBPdGhlciBWUE4NCmF1dGhlbnRpY2F0aW9u
IG1ldGhvZHMgc3VwcG9ydGVkIGJ5IHRoZSBBcnViYSBNb2JpbGl0eSBDb250cm9sbGVyIGFyZQ0K
bm90IHZ1bG5lcmFibGUgdG8gdGhpcyBkZWZlY3QuDQoNCg0KSU1QQUNUDQoNCkFuIGF0dGFja2Vy
IHdpdGggYWNjZXNzIHRvIHRoZSBtYW5hZ2VtZW50IG9yIFZQTiBpbnRlcmZhY2VzIG9mIGFuDQpB
cnViYSBNb2JpbGl0eSBDb250cm9sbGVyIGFuZCBrbm93bGVkZ2Ugb2YgYW4gZXhpc3RpbmcgYWNj
b3VudCBtYXkgYmUNCmFibGUgdG8gYWNjZXNzIHRoZSBBcnViYSBNb2JpbGl0eSBDb250cm9sbGVy
IHdpdGggdGhlIGFjY2VzcyBsZXZlbHMgb2YNCnRoYXQgYWNjb3VudCAoZm9yIGFkbWluaXN0cmF0
aXZlIHVzZXJzKSBvciBhY2Nlc3MgdGhlIFZQTiBzZXJ2aWNlcw0KKGZvciBWUE4gdXNlcnMpLg0K
DQpDVlNTIEJBU0UgTUVUUklDIFNDT1JFOiAxMA0KDQoNCldPUktBUk9VTkRTDQoNClNlZSBTb2x1
dGlvbiBiZWxvdy4NCg0KDQpTT0xVVElPTg0KDQpBcnViYSBOZXR3b3JrcyByZWNvbW1lbmRzIHRo
YXQgYWxsIGN1c3RvbWVycyBhcHBseSB0aGUgYXBwcm9wcmlhdGUNCnBhdGNoZShlcykgYXMgc29v
biBhcyBwcmFjdGljYWwuICBIb3dldmVyLCBpbiB0aGUgZXZlbnQgdGhhdCBhIHBhdGNoDQpjYW5u
b3QgaW1tZWRpYXRlbHkgYmUgYXBwbGllZCwgdGhlIGZvbGxvd2luZyBzdGVwcyB3aWxsIGhlbHAg
dG8NCm1pdGlnYXRlIHRoZSByaXNrOg0KDQotIC0gLSBEbyBub3QgZXhwb3NlIHRoZSBNb2JpbGl0
eSBDb250cm9sbGVyIGFkbWluaXN0cmF0aXZlIGludGVyZmFjZSB0bw0KdW50cnVzdGVkIG5ldHdv
cmtzIHN1Y2ggYXMgdGhlIEludGVybmV0Lg0KDQotIC0gLSBEaXNhYmxlIExEQVAgYXV0aGVudGlj
YXRpb24gZm9yIGFkbWluaXN0cmF0aXZlIGFjY291bnRzIHVudGlsIHN1Y2gNCnRpbWUgYXMgdGhl
IHBhdGNoZXMgY2FuIGJlIGFwcGxpZWQuDQoNCi0gLSAtIERpc2FibGUgTERBUCBhdXRoZW50aWNh
dGlvbiBmb3IgVlBOIHVzZXJzIHVudGlsIHN1Y2ggdGltZSBhcyB0aGUNCnBhdGNoZXMgY2FuIGJl
IGFwcGxpZWQuDQoNCi0gLSAtIERpc2FibGUgYW5vbnltb3VzIGJpbmRzIGluIHRoZSBMREFQIHNl
cnZlciB1bnRpbCBzdWNoIHRpbWUgYXMgdGhlDQpwYXRjaGVzIGNhbiBiZSBhcHBsaWVkLg0KDQoN
Ck9CVEFJTklORyBGSVhFRCBGSVJNV0FSRVMNCg0KQXJ1YmEgY3VzdG9tZXJzIGNhbiBvYnRhaW4g
dGhlIGZpcm13YXJlIG9uIHRoZSBzdXBwb3J0IHdlYnNpdGU6DQoJaHR0cDovL3d3dy5hcnViYW5l
dHdvcmtzLmNvbS9zdXBwb3J0LiANCiAgIA0KQXJ1YmEgU3VwcG9ydCBjb250YWN0cyBhcmUgYXMg
Zm9sbG93czoNCg0KCTEtODAwLVdpRmlMQU4gKDEtODAwLTk0My00NTI2KSAodG9sbCBmcmVlIGZy
b20gd2l0aGluIE5vcnRoDQoJQW1lcmljYSkNCg0KCSsxLTQwOC03NTQtMTIwMCAodG9sbCBjYWxs
IGZyb20gYW55d2hlcmUgaW4gdGhlIHdvcmxkKQ0KDQoJZS1tYWlsOiBzdXBwb3J0KGF0KWFydWJh
bmV0d29ya3MuY29tDQoNClBsZWFzZSwgZG8gbm90IGNvbnRhY3QgZWl0aGVyICJ3c2lydChhdClh
cnViYW5ldHdvcmtzLmNvbSIgb3IgDQoic2VjdXJpdHkoYXQpYXJ1YmFuZXR3b3Jrcy5jb20iIGZv
ciBzb2Z0d2FyZSB1cGdyYWRlcy4NCg0KDQpFWFBMT0lUQVRJT04gQU5EIFBVQkxJQyBBTk5PVU5D
RU1FTlRTDQoNClRoaXMgdnVsbmVyYWJpbGl0eSB3aWxsIGJlIGFubm91bmNlZCBhdCANCg0KQXJ1
YmEgVy5TLkkuUi5ULiBBZHZpc29yeToNCmh0dHA6Ly93d3cuYXJ1YmFuZXR3b3Jrcy5jb20vc3Vw
cG9ydC93c2lydC9hbGVydHMvYWlkLTEyMjIwNy5hc2MNCg0KU2VjdXJpdHlGb2N1cyBCdWd0cmFx
DQpodHRwOi8vd3d3LnNlY3VyaXR5Zm9jdXMuY29tL2FyY2hpdmUvMQ0KDQoNClNUQVRVUyBPRiBU
SElTIE5PVElDRTogRmluYWwNCg0KQWx0aG91Z2ggQXJ1YmEgTmV0d29ya3MgY2Fubm90IGd1YXJh
bnRlZSB0aGUgYWNjdXJhY3kgb2YgYWxsDQpzdGF0ZW1lbnRzIGluIHRoaXMgYWR2aXNvcnksIGFs
bCBvZiB0aGUgZmFjdHMgaGF2ZSBiZWVuIGNoZWNrZWQgdG8gdGhlDQpiZXN0IG9mIG91ciBhYmls
aXR5LiBBcnViYSBOZXR3b3JrcyBkb2VzIG5vdCBhbnRpY2lwYXRlIGlzc3VpbmcNCnVwZGF0ZWQg
dmVyc2lvbnMgb2YgdGhpcyBhZHZpc29yeSB1bmxlc3MgdGhlcmUgaXMgc29tZSBtYXRlcmlhbCBj
aGFuZ2UNCmluIHRoZSBmYWN0cy4gU2hvdWxkIHRoZXJlIGJlIGEgc2lnbmlmaWNhbnQgY2hhbmdl
IGluIHRoZSBmYWN0cywgQXJ1YmENCk5ldHdvcmtzIG1heSB1cGRhdGUgdGhpcyBhZHZpc29yeS4N
Cg0KQSBzdGFuZC1hbG9uZSBjb3B5IG9yIHBhcmFwaHJhc2Ugb2YgdGhlIHRleHQgb2YgdGhpcyBz
ZWN1cml0eSBhZHZpc29yeQ0KdGhhdCBvbWl0cyB0aGUgZGlzdHJpYnV0aW9uIFVSTCBpbiB0aGUg
Zm9sbG93aW5nIHNlY3Rpb24gaXMgYW4NCnVuY29udHJvbGxlZCBjb3B5LCBhbmQgbWF5IGxhY2sg
aW1wb3J0YW50IGluZm9ybWF0aW9uIG9yIGNvbnRhaW4NCmZhY3R1YWwgZXJyb3JzLg0KDQoNCkRJ
U1RSSUJVVElPTiBPRiBUSElTIEFOTk9VTkNFTUVOVA0KDQpUaGlzIGFkdmlzb3J5IHdpbGwgYmUg
cG9zdGVkIG9uIEFydWJhJ3Mgd2Vic2l0ZSBhdDoNCmh0dHA6Ly93d3cuYXJ1YmFuZXR3b3Jrcy5j
b20vc3VwcG9ydC9hbGVydHMvYWlkLTEyMjIwNy5hc2MNCg0KDQpGdXR1cmUgdXBkYXRlcyBvZiB0
aGlzIGFkdmlzb3J5LCBpZiBhbnksIHdpbGwgYmUgcGxhY2VkIG9uIEFydWJhJ3MNCndvcmxkd2lk
ZSB3ZWJzaXRlLCBidXQgbWF5IG9yIG1heSBub3QgYmUgYWN0aXZlbHkgYW5ub3VuY2VkIG9uIG1h
aWxpbmcNCmxpc3RzIG9yIG5ld3Nncm91cHMuIFVzZXJzIGNvbmNlcm5lZCBhYm91dCB0aGlzIHBy
b2JsZW0gYXJlIGVuY291cmFnZWQNCnRvIGNoZWNrIHRoZSBhYm92ZSBVUkwgZm9yIGFueSB1cGRh
dGVzLg0KDQoNClJFVklTSU9OIEhJU1RPUlkNCg0KICAgICAgUmV2aXNpb24gMS4wIC8gMTItMjIt
MjAwNyAvIEluaXRpYWwgcmVsZWFzZQ0KDQoNCkFSVUJBIFdTSVJUIFNFQ1VSSVRZIFBST0NFRFVS
RVMNCg0KQ29tcGxldGUgaW5mb3JtYXRpb24gb24gcmVwb3J0aW5nIHNlY3VyaXR5IHZ1bG5lcmFi
aWxpdGllcyBpbiBBcnViYQ0KV2lyZWxlc3MgTmV0d29ya3MgcHJvZHVjdHMsIG9idGFpbmluZyBh
c3Npc3RhbmNlIHdpdGggc2VjdXJpdHkNCmluY2lkZW50cyBpcyBhdmFpbGFibGUgYXQNCmh0dHA6
Ly93d3cuYXJ1YmFuZXR3b3Jrcy5jb20vc3VwcG9ydC93c2lydC5waHANCiAgIA0KICANCkZvciBy
ZXBvcnRpbmcgKk5FVyogQXJ1YmEgTmV0d29ya3Mgc2VjdXJpdHkgaXNzdWVzLCBlbWFpbCBjYW4g
YmUgc2VudA0KdG8gd3NpcnQoYXQpYXJ1YmFuZXR3b3Jrcy5jb20gb3Igc2VjdXJpdHkoYXQpYXJ1
YmFuZXR3b3Jrcy5jb20uIEZvcg0Kc2Vuc2l0aXZlIGluZm9ybWF0aW9uIHdlIGVuY291cmFnZSB0
aGUgdXNlIG9mIFBHUCBlbmNyeXB0aW9uLiBPdXINCnB1YmxpYyBrZXlzIGNhbiBiZSBmb3VuZCBh
dA0KaHR0cDovL3d3dy5hcnViYW5ldHdvcmtzLmNvbS9zdXBwb3J0L3dzaXJ0LnBocA0KDQoNCihj
KSBDb3B5cmlnaHQgMjAwNyBieSBBcnViYSBOZXR3b3JrcywgSW5jLiAgVGhpcyBhZHZpc29yeSBt
YXkgYmUNCnJlZGlzdHJpYnV0ZWQgZnJlZWx5IGFmdGVyIHRoZSByZWxlYXNlIGRhdGUgZ2l2ZW4g
YXQgdGhlIHRvcCBvZiB0aGUNCnRleHQsIHByb3ZpZGVkIHRoYXQgcmVkaXN0cmlidXRlZCBjb3Bp
ZXMgYXJlIGNvbXBsZXRlIGFuZCB1bm1vZGlmaWVkLA0KaW5jbHVkaW5nIGFsbCBkYXRlIGFuZCB2
ZXJzaW9uIGluZm9ybWF0aW9uLg0KDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQ0KVmVy
c2lvbjogR251UEcgdjEuNC42IChHTlUvTGludXgpDQoNCmlEOERCUUZIZnlacnA2S2lqQTRxZWZV
UkFtUEZBSjlWcGhOR0hvcGFlbHk1TGJpa3Bna0RPR1kra3dDZzVGTGcNCkk2dFdkNHhRRi9XZUFC
VityRlcydGQ0PQ0KPW56TFUNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ=
------_=_NextPart_001_01C84F2B.7512F5B7--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH