Original URL: http://www.theregister.co.uk/2012/07/09/cyberoam_issues_fix/

Cyberoam pushes fix for SSL vuln

Users’ snooped packets safe again

By Richard Chirgwin

Posted in Security, 9th July 2012 22:49 GMT

Deep packet inspection company Cyberoam has issued a hotfix to its devices, after earlier asserting that its technology “followed industry best practices for SSL bridging”.

The issue emerged when Tor Project researchers asserted that Cyberoam devices used the same skeleton certificate on all of its devices. This, the researchers argued, opened up dangerous possibilities for traffic interception.

Cyberoam has now issued an over-the-air fix which forces devices to generate unique CAs for each appliance. Devices that have implemented the fix should provide users with a message that the default CA certificate used in HTTPS scanning has been replaced – and that end users will need to re-import the certificate “for uninterrupted secure browsing”.

The network snooping security vendor says if the message is not displayed, the appliance “is still vulnerable” and users should change the default CA “using the CLI command meant for that purpose”.

In its previous response, Cyberoam had said that since all HTTPS scans take place in real time, there is no possibility of interception between different devices. ®