Last week, the Tor Project investigated what appeared to be a forged torproject.org certificate. Further analysis revealed a vulnerability in Cyberoam Deep Packet Inspection (DPI) appliances: every device ships with the same CA (Certificate Authority) certificate, and therefore the same private key.
“While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices. Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key,” Runa A. Sandvik, security researcher at the Tor Project, explained.
“It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or to extract the key from the device and import it into other DPI devices, and use those for interception.”
It is not unusual for a DPI vendor to require users to install the appliance's CA certificate in their browsers; that is what allows the device to intercept HTTPS connections without triggering warnings. What makes this case a serious risk is that the same CA certificate, and thus the same private key, is present on every Cyberoam device, so trusting one of them means trusting all of them.
Cyberoam, an Indian company with offices in the United States, was notified of the vulnerability on June 30 but has not yet commented on the issue.
While the company looks into the matter, the Tor Project has published a security advisory and asked browser vendors to blacklist the Cyberoam CA certificate.
Users of the Tor Browser Bundle are not affected, but other users should check that the Cyberoam CA certificate is not installed in their web browser.
If the Cyberoam CA certificate is found, it should be removed immediately. Removing it does not stop a Cyberoam device on the network path from intercepting traffic; it only ensures the browser warns about the interception instead of silently trusting it. Users are therefore also advised to be cautious about accepting connections, especially when the browser shows a certificate warning.
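As an added example, not code from the Tor advisory, from Cyberoam, or from this article, the following POSIX shell script performs the check described above on Linux: it scans an NSS certificate database (the store used by Firefox and Chromium) for an entry whose nickname mentions Cyberoam, prints that entry's fingerprints so they can be compared with the fingerprint published in the Tor advisory (which this script does not contain), and removes the entry on request. The database paths and the assumption that the entry's nickname contains "Cyberoam" are assumptions for illustration; the listing parser is kept separate from `certutil` so it can be exercised on constructed listing text.

```shell
#!/bin/sh
# Added example (not from the Tor advisory, Cyberoam, or the article above).
# Scans an NSS certificate database for a CA entry whose nickname contains
# "Cyberoam", shows its fingerprints, and can delete it.  Requires the NSS
# tools (libnss3-tools / nss-tools) and openssl for the live commands.
# The nickname pattern and the database paths are assumptions.

# Read `certutil -L` listing text on stdin and print matching nicknames, one
# per line.  The last whitespace-separated field on each row is the trust
# attribute column (e.g. "C,,"), so it is stripped; nicknames may contain
# spaces, which is why only the last field is removed.  The header rows do
# not contain "cyberoam" and are therefore skipped by the match.
cyberoam_nicknames() {
    awk 'tolower($0) ~ /cyberoam/ {
             sub(/[ \t]+[^ \t]+[ \t]*$/, "");
             print
         }'
}

# List matching nicknames in a database ("sql:/path" for modern profiles,
# "dbm:/path" for legacy ones).
scan_nssdb() {
    db="$1"
    command -v certutil >/dev/null 2>&1 || {
        echo "certutil not found (install libnss3-tools / nss-tools)" >&2
        return 2
    }
    certutil -d "$db" -L | cyberoam_nicknames
}

# Print SHA-1 and SHA-256 fingerprints of one entry so it can be compared with
# a published fingerprint before anything is deleted.
fingerprint_nssdb_cert() {
    db="$1"; nick="$2"
    certutil -d "$db" -L -n "$nick" -a | openssl x509 -noout -fingerprint -sha1
    certutil -d "$db" -L -n "$nick" -a | openssl x509 -noout -fingerprint -sha256
}

# Delete one entry by nickname.
remove_nssdb_cert() {
    certutil -d "$1" -D -n "$2"
}

# Usage (paths are assumptions about a typical Linux desktop):
#   sh check_cyberoam_ca.sh --scan [db]         default db: sql:$HOME/.pki/nssdb (Chromium)
#   sh check_cyberoam_ca.sh --remove db "Nick"  e.g. db = sql:$HOME/.mozilla/firefox/<profile>
case "${1:-}" in
    --scan)
        db="${2:-sql:$HOME/.pki/nssdb}"
        scan_nssdb "$db" | while IFS= read -r nick; do
            echo "found: $nick"
            fingerprint_nssdb_cert "$db" "$nick"
        done
        ;;
    --remove)
        remove_nssdb_cert "$2" "$3"
        ;;
esac
```

Run the `--scan` form against each browser profile on the machine; if an entry is reported, compare the printed fingerprint with the one in the Tor advisory before using `--remove`, since a nickname match alone is not proof that it is the shared Cyberoam CA.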