Cyberoam fixes security hole caused by use of default certificates

Tor researchers Runa Sandvik and Ben Laurie had earlier issued a security advisory noting that Cyberoam’s DPI devices all used the same default certificate. “It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device – or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors”, they wrote.

To address this issue, Cyberoam released on Monday an over-the-air hotfix that forces each DPI device to generate its own unique CA certificate.

“Customers can know their appliances have a unique CA if they see a ‘positive alert’ on the appliance dashboard that informs about the change that has been done. In case a customer does not see such an alert on the dashboard, it means that their appliance is vulnerable and they should change the default CA of the appliance using the CLI command meant for that purpose”, Cyberoam explained.
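A defender-side audit for the problem the advisory describes and for the "is my appliance still on the default CA" check in Cyberoam's guidance above (an added example, not code from Cyberoam or the Tor researchers): it takes each appliance's CA certificate in PEM form, computes the SHA-256 fingerprint of the DER encoding, and reports any fingerprint that appears on more than one appliance or that is on an optional list of known default fingerprints. The appliance names and certificates below are constructed placeholders, not real Cyberoam certificates, and the page gives no default fingerprint value.

```python
import base64
import hashlib
import re
from collections import defaultdict

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, colon-separated hex, i.e. the value
    `openssl x509 -noout -fingerprint -sha256` prints for the same file."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def find_shared_cas(appliance_certs: dict, known_default=frozenset()) -> dict:
    """Group appliances by CA fingerprint.

    Returns {fingerprint: [appliance names]} for every fingerprint that is
    presented by more than one appliance (a shared CA, exactly the condition
    the advisory warns about) or that is in `known_default`. An empty result
    means every appliance presents its own, unique CA certificate."""
    by_fp = defaultdict(list)
    for name, pem in appliance_certs.items():
        by_fp[fingerprint(pem)].append(name)
    return {fp: names for fp, names in by_fp.items()
            if len(names) > 1 or fp in known_default}


# Constructed sample input: not real certificates, just distinct byte strings
# in PEM armour so the audit logic can be exercised offline.
def _fake_pem(seed: str) -> str:
    body = base64.b64encode(seed.encode() * 8).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


SAMPLE_CERTS = {
    "branch-a": _fake_pem("default-ca"),
    "branch-b": _fake_pem("default-ca"),    # still on the shared default CA
    "hq": _fake_pem("unique-ca-hq"),        # regenerated, unique to this box
}

if __name__ == "__main__":
    for fp, names in find_shared_cas(SAMPLE_CERTS).items():
        print(f"shared CA {fp} on: {', '.join(names)}")
```

On a real deployment the PEM input would be the CA certificate exported from each appliance (or the certificate each one presents when intercepting TLS), collected from every box before comparing.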

“We, at Cyberoam, do understand the critical nature of this issue though we have been singled out and have been put into a situation that requires us to react urgently, keeping our customers’ best interest in mind. This has also led us to a deeper introspection to make sure that we stand up to our commitments of providing the best to our customers”, the company said.
