CVE-2008-1114

Vocera Wireless Handset - Unauthenticated Man-in-the-Middle via PEAP Certificate Validation Bypass

Title source: llm
STIX 2.1

Description

Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

References (5)

Core 5
Core References
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=896
Various Sources x_refsource_confirm
http://www.vocera.com/downloads/InfrastructureGuide.pdf
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2008/Feb/0402.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27935
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=901

Scores

EPSS 0.0058
EPSS Percentile 43.7%

Details

CWE
CWE-20
Status published
Products (1)
vocera/wireless_handset
Published Mar 03, 2008
Tracked Since Feb 18, 2026