Slashdot Mirror


Cyberoam Packet Inspection Devices Open Traffic To Third Parties

New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors."

2 of 29 comments

  1. Re:This is surprising? by houstonbofh · Score: 3, Informative

    It is part of an egress filter. If you do not accept the cert, you just do not get out...

  2. They have to inject the cert first by Animats · Score: 3, Informative

    I don't think this is a cert issuer trusted by major browsers. Unless some "toolbar" or a corporate installation has managed to put this cert into your browser (which happens), this attack may be ineffective against browsers.