CVE-2008-1114
Vocera Wireless Handset - Unauthenticated Man-in-the-Middle via PEAP Certificate Validation Bypass
Title source: llmDescription
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=896
Various Sources x_refsource_confirm
http://www.vocera.com/downloads/InfrastructureGuide.pdf
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2008/Feb/0402.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27935
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=901
Scores
EPSS
0.0058
EPSS Percentile
43.7%
Details
CWE
CWE-20
Status
published
Products (1)
vocera/wireless_handset
Published
Mar 03, 2008
Tracked Since
Feb 18, 2026