A certificate handling flaw in Cyberoam’s deep packet inspection (DPI) devices allow traffic from a single ‘victim’ to be intercepted by any DPI device from the vendor, according to the Tor Project.
The vulnerability stems from Cyberoam DPI devices sharing the same Certificate Authority (CA) certificate and therefore the same private key used to decrypt Secure Sockets Layer (SSL) encrypted traffic.
In a security advisory explaining the flaw, Tor Project developer Runa Sandvik and Google researcher Ben Laurie divide ‘victim’ scenarios into the “willing” —where a corporate environment willingly installs a certificate on devices that is untrusted by browsers in order to monitor traffic—and those where a CA, such as Cyberoam, could potentially be tricked into issuing a fraudulent certificate.
Cyberoam has not been tricked into issuing a fraudulent certificate and is using the untrusted certificate in a legitimate way for the “willing” victim scenario, however, Sandvik and Laurie said it was "surprising" all Cyberoam DPI devices use the same certificate.
“Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key,” the pair wrote.
“It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device—or to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors.”
The pair discovered the flaw after a user in Jordan reported seeing a fake certificate issued by Cyberoam for the torproject.org and initially thought Cyberoam had like Comodo and DigiNotar been tricked into issuing a fake certificate for torproject.org.
They also ruled out Cyberoam relying on an intermediate CA to generate new certificates “on the fly” similar to the way Trustwave had proposed and later abandoned after the Mozilla community considered removing trust for its root CA certificate.
The user had seen a fake certificate, according to Sandvik and Laurie, and his connection was also being intercepted by one of Cyberoam’s DPI devices, meaning that in theory his traffic could have been intercepted by any Cyberoam device.
The pair advised Cyberoam of the flaw on June 30 and informed the company at the time that they would publish details of the flaw on July 3.
They note that Cyberoam’s CA certificate is not trusted by browsers, which should mean that an alert will appear unless the certificate has been installed.