Multiple Sourcefire Products Static Web SSL Keys Vulnerability

2010-06-10T00:00:00
ID ZDI-10-107
Type zdi
Reporter Anonymous
Modified 2010-11-09T00:00:00

Description

This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products.

The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private key allows an attacker to decrypt and monitor SSL communications with the target.