The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-07-09T10:00:00Z
Updated: 2024-09-16T23:42:15.982Z
Reserved: 2012-06-14T00:00:00Z
Link: CVE-2012-3372
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-07-09T10:20:44.417
Modified: 2024-08-06T20:15:35.837
Link: CVE-2012-3372
Redhat
No data.