CVE-2008-1114 Information

Description

Vocera Communications wireless handsets when using Protected Extensible Authentication Protocol (PEAP) do not validate server certificates which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Reference

http://blogs.zdnet.com/security/?p=896 http://blogs.zdnet.com/security/?p=901 http://seclists.org/fulldisclosure/2008/Feb/0402.html http://www.securityfocus.com/bid/27935 http://www.vocera.com/downloads/InfrastructureGuide.pdf