Skip to content

Security vulnerability in Cyberoam DPI devices

4. Jul 2012

The TorProject discovered a security vulnerability in Cyberroam DPI devices. You can read their blog post.

The issue was discovered by Runa A. Sandvik and Ben Laurie. See the security advisory. (CVE-2012-3372)

Blog Post Quote:

Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key. It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device – or to extract the key from the device and import it into other DPI devices, and use those for interception.

The Cyberoam CA certificate needs to be installed by a third-party or the victim itself. This might be the case in work environments, where they use such devices to see what the employees are doing. “Normal” users should see a security warning.

The problem is that anyone in possession of the CA certificate and the private key can spy on users that are monitored by a Cyberoam DPI device. I guess it’s just laziness, they did not care about it.

Advertisements

From → General

Comments are closed.

%d bloggers like this: