Vulnerability Description
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vocera | Wireless Handset | - |
Related Weaknesses (CWE)
References
- http://blogs.zdnet.com/security/?p=896
- http://blogs.zdnet.com/security/?p=901
- http://seclists.org/fulldisclosure/2008/Feb/0402.html
- http://www.securityfocus.com/bid/27935
- http://www.vocera.com/downloads/InfrastructureGuide.pdf
- http://blogs.zdnet.com/security/?p=896
- http://blogs.zdnet.com/security/?p=901
- http://seclists.org/fulldisclosure/2008/Feb/0402.html
- http://www.securityfocus.com/bid/27935
- http://www.vocera.com/downloads/InfrastructureGuide.pdf
FAQ
What is CVE-2008-1114?
CVE-2008-1114 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed...
How severe is CVE-2008-1114?
CVE-2008-1114 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1114?
Check the references section above for vendor advisories and patch information. Affected products include: Vocera Wireless Handset.