Multiple Vendor PEAP Certificate Verification Security Bypass Vulnerability

Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks.

The following products are prone to this issue:
- Vocera Communications System badges
- Cisco Wireless IP Phone 7921

Other devices and packages may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus