Cyberoam DPI certificate private key in the wild

11. Jul 2012

The private key of the certificate that Cyberoam DPI devices use to monitor connections is out in the wild (please see the comments on the Tor blog entry).

Cyberoam claimed that it is not possible to extract the private key (unfortunately I don’t have screenshots), but as you can see, that did not seem to be the case. Cyberoam removed the statement (again, sorry, but I can’t show that to you) and left only the claim that the devices don’t come with an import or export function.

To be fair, they released a patch to create different certificates, with different private keys of course. See their blog. I like that they fixed this; however, they still sell DPI devices, but again, technology has no morals of its own.

The DPI devices monitor encrypted connections (to torproject.org, for example) by presenting a fake certificate issued by Cyberoam in place of the site's real one.
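A defensive check for the interception described above, as an added example that is not part of the original post: it inspects the issuer of certificates a client actually received and compares it with a baseline recorded on a network known not to intercept. The function names, the baseline and the sample issuer names are assumptions constructed for illustration; the input shape is what Python's `ssl.SSLSocket.getpeercert()` returns for a validated peer.

```python
# Added example: flag TLS issuers that indicate an interception device.
# Assumption: the client trusts the appliance CA, so validation succeeds
# and getpeercert() returns a populated dict.
MARKERS = ("cyberoam",)  # vendor name from the post; matched case-insensitively

def issuer_fields(cert):
    """Flatten the nested RDN tuples of cert['issuer'] into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def check_issuer(host, cert, baseline, markers=MARKERS):
    """Return a list of findings for one observed certificate (empty = clean)."""
    fields = issuer_fields(cert)
    if not fields:
        return [f"{host}: no issuer data (certificate was not validated?)"]
    findings = []
    haystack = " ".join(fields.values()).lower()
    for marker in markers:
        if marker in haystack:
            findings.append(f"{host}: issuer contains '{marker}'")
    expected = baseline.get(host)
    observed = fields.get("commonName", "")
    if expected is not None and observed != expected:
        findings.append(f"{host}: issuer CN '{observed}' != baseline '{expected}'")
    return findings

def scan(observations, baseline):
    """observations: {host: peercert dict}. Returns {host: [findings]} for hits."""
    report = {}
    for host, cert in observations.items():
        findings = check_issuer(host, cert, baseline)
        if findings:
            report[host] = findings
    return report

# Constructed sample data: the issuer names below are invented for illustration.
BASELINE = {"torproject.org": "Constructed Public CA",
            "example.org": "Constructed Public CA"}
OBSERVED = {
    "torproject.org": {"issuer": ((("organizationName", "Cyberoam"),),
                                  (("commonName", "Constructed Appliance CA"),))},
    "example.org": {"issuer": ((("organizationName", "Constructed Trust Services"),),
                               (("commonName", "Constructed Public CA"),))},
}

if __name__ == "__main__":
    for host, findings in scan(OBSERVED, BASELINE).items():
        print("\n".join(findings))
```

The baseline comparison catches a swapped issuer even when the vendor name does not appear in the certificate, which the marker match alone would miss.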

Related:
https://roastedonion.[…]/security-vulnerability-in-cyberoam-dpi-devices/


One Comment
  1. I like reading an article that will make people think.
    Also, thank you for allowing me to comment!
