The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Alcatel-Lucent OmniAccess Wireless Access Point

vulnerability note 20524

Aruba, Alcatel: known private key for securelogin

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on sessions with Aruba and Alcatel devices, in order to read or write data in the session.
Impacted products: Alcatel OmniAccess Wireless Access Point, Alcatel OmniAccess Wireless LAN Switch, ArubaOS.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Creation date: 06/09/2016.
Identifiers: VIGILANCE-VUL-20524.

Description of the vulnerability

The Aruba and Alcatel-Lucent OmniAccess products use the "securelogin.arubanetworks.com" certificate for the following features:
 - captive portal
 - web administration
 - WPA2-Enterprise 802.1X authentication

However, the private key of this certificate was published.

An attacker can therefore act as a Man-in-the-Middle on sessions with Aruba and Alcatel devices, in order to read or write data in the session.
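
To find devices that still present this certificate on their TLS services (captive portal, web administration), an inventory check can fetch each endpoint's certificate and look for the default name. The following is an added example, not part of the Vigil@nce bulletin or vendor code; the sample byte strings, host addresses and port are constructed, and the 802.1X/EAP certificate is not reachable this way.

```python
import socket
import ssl

DEFAULT_CERT_NAME = b"securelogin.arubanetworks.com"  # name from the bulletin

# Constructed samples: a UTF8String TLV as found inside a DER certificate.
# These are fragments for the demo, not real certificates.
SAMPLE_DEFAULT = b"\x0c\x1d" + DEFAULT_CERT_NAME
SAMPLE_REPLACED = b"\x0c\x10" + b"wlc.example.test"


def der_names_default_cert(der: bytes) -> bool:
    """True if the DER certificate contains the default name.

    CN and SAN dNSName values are stored as plain ASCII inside DER, so a
    case-insensitive byte search is enough for triage. A hit means the
    device needs its certificate replaced; it is a name match only.
    """
    return DEFAULT_CERT_NAME in der.lower()


def fetch_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the server's leaf certificate (DER) without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspect the certificate, do not trust it
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def triage(endpoints, fetch=fetch_der):
    """Map each (host, port) to 'default-cert', 'other-cert' or 'unreachable'."""
    report = {}
    for host, port in endpoints:
        try:
            der = fetch(host, port)
        except OSError:  # includes ssl.SSLError and timeouts
            report[(host, port)] = "unreachable"
            continue
        hit = der_names_default_cert(der)
        report[(host, port)] = "default-cert" if hit else "other-cert"
    return report


if __name__ == "__main__":
    # Offline demo with canned answers; drop fetch= to query real endpoints.
    canned = {("192.0.2.1", 443): SAMPLE_DEFAULT, ("192.0.2.2", 443): SAMPLE_REPLACED}
    for endpoint, verdict in triage(canned, fetch=lambda h, p: canned[(h, p)]).items():
        print(endpoint, verdict)
```

Endpoints that only accept TLS versions the local OpenSSL build refuses are reported as "unreachable" and need a manual check.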