4 matches found
SSL Certificate Signed with the Publicly Known Cyberoam Key
The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority (CA) found in Cyberoam devices. The private key corresponding to the CA was discovered and publicly disclosed, meaning that the remote host's X.509 certificate cannot be trusted. TRUSTED...
CVE-2012-3372
The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA...
CVE-2012-3372
CVE-2012-3372 affects Cyberoam UTM/DPI devices. The default configuration uses the same Certification Authority certificate and private key across different customers, enabling a MITM attacker to spoof SSL servers by leveraging the Cyberoam_SSL_CA trusted root. Several sources note the vendor dis...
VulnCheck KEV: CVE-2012-3372
The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA...