CVE-2008-0150

Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Aruba_mobility_controllers	Aruba_networks	*	2.4.8.11-fips (including)
Aruba_mobility_controllers	Aruba_networks	2.3.6.15 (including)	2.3.6.15 (including)
Aruba_mobility_controllers	Aruba_networks	2.5.2.11 (including)	2.5.2.11 (including)
Aruba_mobility_controllers	Aruba_networks	2.5.4.25 (including)	2.5.4.25 (including)
Aruba_mobility_controllers	Aruba_networks	2.5.5.7 (including)	2.5.5.7 (including)
Aruba_mobility_controllers	Aruba_networks	3.1.1.3 (including)	3.1.1.3 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://secunia.com/advisories/28357
http://securityreason.com/securityalert/3529
http://www.arubanetworks.com/support/alerts/aid-122207.asc
http://www.securityfocus.com/archive/1/485831/100/0/threaded
http://www.securityfocus.com/bid/27144
http://secunia.com/advisories/28357
http://securityreason.com/securityalert/3529
http://www.arubanetworks.com/support/alerts/aid-122207.asc
http://www.securityfocus.com/archive/1/485831/100/0/threaded
http://www.securityfocus.com/bid/27144

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0150
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References