Cyberoam - Cyberoam Addresses The Industry-prevalent Security Flaw in HTTPs Scan

Cyberoam Addresses The Industry-prevalent Security Flaw in HTTPs Scan

A Tor Project researcher and a Google software security engineer revealed in July 2012 that all Cyberoam appliances with SSL traffic inspection capabilities had been using the same self-generated CA certificate by default. This made it possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI deep packet inspection devices, and use those for interception.

Although Cyberoam was singled out in this case, as the whole industry uses the same methodology of shipping a default CA certificate with appliances that are capable of performing SSL traffic inspection, Cyberoam fixed the hole in network security appliances inspecting the HTTPS traffic by releasing an OTA on an immediate basis that put the Cyberoam appliances at a greater security level than the rest of the industry that does HTTPS deep scan.

Cyberoam issued an over-the-air (OTA) update for its unified threat management (UTM) appliances in order to force the devices to use unique certificate authority (CA) SSL certificates when intercepting SSL traffic on corporate networks. After the hotfix was applied, each individual appliance was required to have its unique CA certificate.