Extracting Wi-Fi Passwords from Aruba Virtual Controller


As usual, I was conducting a pentest and found an interesting way to extract the passwords for multiple access points managed using Aruba Virtual Controller IAP 105.


What is a Virtual Controller?

Aruba Instant virtual controller gives you the flexibility of configuring multiple access points from a centralized location.
You can distribute, store and regulate configuration to distributed access points from one place. The virtual controller is basically a single point of management for your configuration and firmware.
Firmware versions prior to IAP-105 are vulnerable to an access point password disclosure vulnerability: any malicious user with access to the management console can extract sensitive details using just the browser's (Chrome, Firefox, IE, etc.) debugger.
You can extract the passwords using the simple steps below:
1. Log in to the Aruba virtual controller (in my case it was the default admin-admin).
2. Click on the network you want to disclose wireless key for.
3. Click edit Factory Settings >> Go to Security Settings
4. Open the browser's debugger.
5. For the password text box, change the type to "text" in the HTML.
6. Voila!!
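
The steps work because the console sends the stored key to the browser inside the password field, and `type="password"` only masks how it is displayed. As an added example (not from the original post), this Python check flags password inputs that arrive pre-filled in a saved copy of a page. The sample markup and field names are constructed, and it assumes the key appears in the field's `value` attribute.

```python
from html.parser import HTMLParser

# Constructed sample of a settings form; field names are hypothetical.
SAMPLE_PAGE = """
<form id="security-settings">
  <input type="text" name="ssid" value="corp-wifi">
  <input type="PASSWORD" name="passphrase" value="Constructed-Key-123">
  <input type="password" name="retype" value="">
  <input type="password" name="masked" value="********">
  <input type="password" name="new_key"/>
</form>
"""


class PrefilledSecretFinder(HTMLParser):
    """Collects password inputs whose value attribute carries real data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        value = a.get("value", "")
        # Assumption: a run of one repeated character is a fixed mask,
        # not the stored secret, so it is not reported.
        if value and len(set(value)) > 1:
            line, _ = self.getpos()
            # Record the length only, so the report never copies the secret.
            self.findings.append(
                {"name": a.get("name", ""), "line": line, "length": len(value)}
            )


def find_prefilled_password_fields(html):
    """Return one finding per password field that ships a secret to the client."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in find_prefilled_password_fields(SAMPLE_PAGE):
        print(f"line {f['line']}: field '{f['name']}' has a {f['length']}-char value")
```

A management page that needs to show that a key is set can send a fixed mask or an empty field and accept a new value only on change, which leaves nothing for the browser to reveal.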