Security vulnerability found in Cyberoam DPI devices (CVE-2012-3372)

Last week, a user in Jordan reported seeing a fake certificate for torproject.org. The user did not report any errors when browsing to sites such as Gmail, Facebook, and Twitter, which suggests that this was a targeted attack. The certificate was issued by a company called Cyberoam. We first believed that this incident was similar to that of Comodo and DigiNotar, and that Cyberoam had been tricked to issue a fake certificate for our website.

After a bit of research, we learned that Cyberoam make a range of devices used for Deep Packet Inspection (DPI). The user was not just seeing a fake certificate for torproject.org, his connection was actually being intercepted by one of their devices. While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices.

Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key. It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or to extract the key from the device and import it into other DPI devices, and use those for interception.

Ben and I wrote a security advisory and notified Cyberoam of this vulnerability at 17:00 UTC on Saturday, June 30. We made it clear that we intended to publish this blog post and the security advisory on Tuesday, July 3, and encouraged them to respond promptly if they had any comments. At the same time, we notified browser vendors and asked that they blacklist the Cyberoam CA certificate in their browsers.

Cyberoam have not yet commented on this issue, apart from acknowledging our first email and saying that they are looking into it. The Cyberoam CA certificate is not trusted, and so browsers will show users a warning (unless someone has already installed the certificate). Users with the Tor Browser Bundle are not affected.

To check if this CA is installed in your browser, see the following instructions for Internet Explorer, Firefox, Chrome, and Safari. The instructions mention DigiNotar, but they are still valid. If you have more information about this issue, please email help@rt.torproject.org.

Anonymous

July 03, 2012

Permalink

BoingBoing is reporting this as a "mass surveillance device," but Cyberoam makes consumer/SMB UTM appliances which do SSL inspection by generating their own certs, via a mechanism similar to that used by other vendors (Fortinet, SonicWALL, Palo Alto Networks, etc.)--a mechanism which won't work with DNSSEC and DANE.

As I understand it, DNSSEC doesn't protect the confidentiality of data being transmitted between a Web browser and its intended destination, DNSSEC merely ensures that DNS isn't being tainted or otherwise modified. It's SSL, or TLS as it's often ascribed, which does it; but SSL uses a MAC to ensure that the integrity of transmitted data remains intact or unaltered as it is. But it doesn't prevent these devices from does as they're intended; neither will DNSSEC if I'm not otherwise mistaken. It should be said that SSL itself isn't at fault. But should I trust CAs anymore? Or if I create a CA myself, should I trust myself any more than I trust a CA?

I thought that I'd confused myself, at least I now know that I've confused myself. Thank you; I'll browse it whenever I've an opportunity to! But I presume that SSL does use a MAC nonetheless? Or is it TCP/IP which ensures integrity of data either transmitted or received?

Yes, I understand it but does it not upon whether or not said surveillance is subject to consent or not? Would it not be proportionate or proper that these devices could be used to deter or detect suspected industrial espionage? Would I be being inappropriate or improper if I didn't condone use of these devices for the aforementioned purposes?

I'd interpret SSL inspection by an organization on its own user traffic to NOT be "mass surveillance." "Mass" seems to connote, as has been noted, a broader level of interception without consent. It has been claimed here, without evidence, that the Cyberoam was at the user's ISP rather than, say, the company he works for. If that is shown to be the case, I'll reconsider.

Anonymous

July 03, 2012

Permalink

It would be useful if the specific public key certificate being discussed could be made available to allow those affected to ensure that they're either able to identify and delete or distrust Cyberoam's CA public key certificate as appropriate. But that being said, it's rather shrewd of Cyberoam to believe that their CA public key certificate would be accepted as-is, is it not?

Anonymous

July 03, 2012

Permalink

Regarding your incorrect statement
"The certificate was issued by a US company called Cyberoam.":

Understandably you were scrambling to straighten out this mess that hit torproject and thank you for that.

To clarify for others, the cert you show above shows and the company's website confirms that Cyberoam is an Indian company (with a US branch). Its world headquarters is in India. The certificate shown specifies Gujarat in Ahmedabad as the location. Even the time zone of the certificate's stated expiration is Indian.

Or it is a proxy attack through the bought in subsidiaries of an U.S. business.

Screenshot says:
Organization: ELITECORE
Email Address: support@elitecore.com

Registrant:
Elitecore Technologies PLC
10 Schalks Crossing Road
Suite 501-329
Plainsboro, NJ 08536
US

ELITECORE.COM:
Technical Contact of ELITECORE.COM:
Patel, Hemal hemal@ECLIPSEMICRO.COM
9 Nicola Ct
Cranbury, NJ 08512
US
201-422-9200 fax: 201-735-5888

ECLIPSEMICRO.COM:
Administrative Contact of ECLIPSEMICRO.COM:
Patel, Hemal hemal@ECLIPSEMICRO.COM
9 Nicola Ct
Cranbury, NJ 08512
US
201-422-9200 fax: 201-735-5888

About ECLIPSEMICRO.COM:
"Eclipse Micro Computer was founded in 1993. Our annual growth is derived from clients throughout the United States, the Caribbean, Europe and Asia. It is our commitment and dedication in understanding our client’s needs that has enabled us this growth. As a Certified Minority Business we are committed to the highest quality and customer satisfaction.

With the opening of foreign economies, we took our first step by establishing joint ventures in developing countries. We formed a Joint Venture (JV) with Eleclipse Network Pvt Ltd in India to start an Internet Service Provider (ISP), under the trade name IceNet, Net, India. This experience has expanded both our services and our technological knowledge. Today IceNet is one of India’s largest ISPs utilizing Fiber Optic technology.

In further expanding our presence in Asia, we Joint Ventured with Elitecore Technologies Ltd, India to provide a software development center specializing in JISP, JHotline, Cyberoam, Elite Web Mail, and services for Web Based Application Development, Networking Solutions, Atomization and Process Engineering, E-commerce Applications, etc. Complementing our US capabilities.

With the Hispanic market's rapid growth, we started an Internet Service Provider (ISP) in Puerto Rico, under the trade name ICENetworks.com, Inc.This ISP is quickly growing and will soon be the largest ISP in Puerto Rico.

Through out the world, our highly skilled staff is devoted to supporting the client server needs of the business community. Eclipse specialties include the design, testing and implementation of major client/server infrastructures that allow clients to reduce system administration costs through the design and implementation of uniform models."

Guajarat, India, hosts the servers of icenet.net.

Cyberoam s a division of Elitecore Technologies. Elitecore has offices in USA, Middle East & India and has its R&D and Global Support Management Centre in India. It seems the main HQ is in India.

To clarify for others, the cert you show above shows and the company's website confirms that Cyberoam is an Indian company (with a US branch).

Are you serious? Cert proves nothing, for your clarify. You need to point and to cite parts of the company's website that confirms that Cyberoam is an Indian company.

To add to Eclipse Micro Computer Inc - Cyberoam connection.
Eclipse Micro says about its Elitecore Technologies Pvt Ltd venture:

"With aim to provide and extend the ISP Technological Expertise, we ventured into Elitecore, now the backbone for many ISP’s in India. With an In-House team of 50 professionals, Elitecore has conceived and Developed Software products like JISP, JHotline, CYBEROAM and Elite Web Mail for Internet Enabled Services."

Anonymous

July 03, 2012

Permalink

Ok I changed the certificate to not trusted like the instructions said. I decided to take it to the next level and delete it all together. The problem is it will not delete!! Any ideas I am using an OSX 10.5

I suspect that if you've decided to distrust it just now, in the meantime it shouldn't be a concern as your Web browser will not trust either Cyberoam's CA public key certificate, nor others that it has issued.

Anonymous

July 03, 2012

Permalink

I marked the certificate as untrusted, but when I went to diginotar.com to verify everything was cool, the page wouldnt open. Is this a good thing. The instructions said I needed to make sure it said "Safari can not verify..."

Anonymous

July 04, 2012

Permalink

"but they are still valid" isn't really accurate. The Chrome instructions are outdated.

What?! Would it be preferable to distrust it or otherwise disable it as opposed to attempting to delete it in the meantime? If Microsoft Root Certificate Program is defined by Microsoft, is it not incumbent upon Microsoft to ensure that Cyberoam's CA public key certificates couldn't be installed whatsoever? Would it be possible to do it, or could Cyberoam merely create another and thus render it useless?

Anonymous

July 04, 2012

Permalink

Cyberoam ships a lot of private keys in firmware updates.

Decrypt updates with this key:

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92V
aat6CpIEEGueyG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9zi
Yon8jWsbK2aE+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQAB
AoGBAKTvnFGKSkUJnNQGe66I0wunGgCA3W7kbarAzEF2qKYhGlZhJQnn68RmVnAW
pXUFvB+vmtu/+4J9OmWBJsGHFvC9xH32a0PWNr7APjAKrjAD8GWS7Z6BjuxN8QhD
WlFMmpYhYIjT1jt7RNfs2gJGS2Ryu3zutUQGwtUB9Pou03dJAkEA6yttwVINFqQP
utgUZ1JUHrN/rE73FzYsF/CwJp5d3rLHenZzLT0iW+kNDLUw/VpzYxK7bF2Qrt/3
QIUWwm2InQJBAMpe+jhNMJeLDLc3tG3zeithT0mFkuzWWmT2PJgQ0V78UWhw/fSn
Qqnq7KBY/DNjlfhezrozLDD73/ccmha0Ax8CQQCBaBlyOtNm9QqO116K6HvPlRiZ
Wa6QQEgNOG3GInknFZu9ILcKWsywZNLAfmgh0gcSqnkmDWqTQD0PbOz0Ok/lAkEA
g24JrfUbwOASww9PhDUju/a36rTwhhZ0oKt3EP+jKsBOErmHhZP3bKlhQoZoTOu5
Y5QXSMChS7LZcwDFZkdE2wJATRgMbhErif+ZRwt9XJRdCo5Sx6ewyGyxjc5gvUyK
KegHcgru/ZC3pGlujRD2LqxgJNAn5QTdW4LK8xVPFySTYg==
-----END RSA PRIVATE KEY-----

OpenVPN configuration and keys:
port 8443
mode server
tls-server
proto tcp-server
dev tun
topology subnet
port-share 127.0.0.1 4128
dh /usr/local/sslvpn/keys/dh1024.pem
ca /usr/local/sslvpn/keys/FactoryDefault.pem
cert /usr/local/sslvpn/keys/FactoryCert.pem
key /usr/local/sslvpn/keys/FactoryKey.key
ifconfig 10.81.234.5 255.255.255.0
push "topology subnet"
comp-lzo
persist-key
persist-tun
verb 1
status-version 2
keepalive 60 300

/usr/local/sslvpn/keys/dh1024.pem
-----BEGIN DH PARAMETERS-----
MIGHAoGBAMqcURr/SGr2qctu5ZLvB9xjSjji1WSVxiUZ3jKerrKy/9QjG/vFP8JY
3TE6/NXOMs6iWz8A2tLIzhW0um66MMjngV1JXaFv6VoxtHmL799q/0aTa/ep0zHx
8rlCQQEI3hIj9eyfZjjjpPSYAnIbNVQ3rJy8W3XgUOGWRB2EYmobAgEC
-----END DH PARAMETERS-----

/usr/local/sslvpn/keys/FactoryDefault.pem
-----BEGIN CERTIFICATE-----
MIIEfDCCA2SgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBijELMAkGA1UEBhMCSU4x
EDAOBgNVBAgTB2d1amFyYXQxEjAQBgNVBAcTCUFobWVkYWJhZDESMBAGA1UEChMJ
ZWxpdGVjb3JlMREwDwYDVQQLEwhjeWJlcm9hbTEMMAoGA1UEAxMDampwMSAwHgYJ
KoZIhvcNAQkBFhFqanBAZWxpdGVjb3JlLmNvbTAeFw0wOTAxMzEwNzA0NThaFw0z
NjEyMzAwNzA0NThaMIGKMQswCQYDVQQGEwJJTjEQMA4GA1UECBMHZ3VqYXJhdDES
MBAGA1UEBxMJQWhtZWRhYmFkMRIwEAYDVQQKEwllbGl0ZWNvcmUxETAPBgNVBAsT
CGN5YmVyb2FtMQwwCgYDVQQDEwNqanAxIDAeBgkqhkiG9w0BCQEWEWpqcEBlbGl0
ZWNvcmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU1pl4ru
v9HdxrWkScFgIDcNOBlopgwo3jNon1AUmGeGfeo2JnLnSxWAqGD8Wyw7G1t8ls3W
VIKQMmW6xwOHwWJyifZmAfKpA7TeMwVFHw48xRJIDp4rqoEIxqxv3cVxQXFDZ6Qq
Ef3bEv9+UoB27AUXfd3lvLIEyDO1y41gLtADZLe3SVlkEdscAMvijq/f1hlT4Zj0
8QEHl4vIZ/pu2S1E7X4ooDswkaxS5/5qOm2P+L7NVlxch/VRwh+Y106T1k4qDW2D
1oeIoOxexZACy+97yaSSZMQD1IG6Y807JQylCuGzowtvCFxpCwGppZRDbtPwmOPN
BBfwclNdF9ThhwIDAQABo4HqMIHnMB0GA1UdDgQWBBQGGwwgsdygDwV2jqWg5v/w
o3iHATCBtwYDVR0jBIGvMIGsgBQGGwwgsdygDwV2jqWg5v/wo3iHAaGBkKSBjTCB
ijELMAkGA1UEBhMCSU4xEDAOBgNVBAgTB2d1amFyYXQxEjAQBgNVBAcTCUFobWVk
YWJhZDESMBAGA1UEChMJZWxpdGVjb3JlMREwDwYDVQQLEwhjeWJlcm9hbTEMMAoG
A1UEAxMDampwMSAwHgYJKoZIhvcNAQkBFhFqanBAZWxpdGVjb3JlLmNvbYIBADAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQAE/CtvgYO8/quyFlusqI5U
UKoPkiIw3K452GcD414db7s0tBdv2p6HRFDsTwglRWHqztEL3qH8oznFvz/tZ/e/
zNkhXyNqqWkJTmFe3fIL4zQPwLgkHb4PSKSuX88NfAKfe7cT3kUHg9+O5UoP4nGo
1iqwlTP3dpJnG8NjaaAsI5OIYSU7TIAQCMw08Fre25R9WcfjUxZB4IqM+Zqq0KML
ublzZjvSH0upgcRVuN2kyJVCnKCIS9xxhlklB10P+C4WxWFBqKRMHj3hYMtGO4Cp
iqOIvcpaFTf0VXlsxg2xaRvkxDNmc74Fq1az23rZpApl1vG+YV6CFK3cIM/5Xicl
-----END CERTIFICATE-----

/usr/local/sslvpn/keys/FactoryCert.pem
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBijELMAkGA1UEBhMCSU4x
EDAOBgNVBAgTB2d1amFyYXQxEjAQBgNVBAcTCUFobWVkYWJhZDESMBAGA1UEChMJ
ZWxpdGVjb3JlMREwDwYDVQQLEwhjeWJlcm9hbTEMMAoGA1UEAxMDampwMSAwHgYJ
KoZIhvcNAQkBFhFqanBAZWxpdGVjb3JlLmNvbTAeFw0wOTAxMzEwNzA2MzhaFw0w
OTAyMTIwNzA2MzhaMIGWMQswCQYDVQQGEwJJTjEQMA4GA1UECBMHZ3VqYXJhdDES
MBAGA1UEBxMJQWhtZWRhYmFkMRIwEAYDVQQKEwllbGl0ZWNvcmUxETAPBgNVBAsT
CGN5YmVyb2FtMRgwFgYDVQQDEw9lbGl0ZWNvcmVzc2x2cG4xIDAeBgkqhkiG9w0B
CQEWEWpqcEBlbGl0ZWNvcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDKgc5DG+TwiFTv0RQMzcBxR2Eid6bAZjrZHJ9VtGrA5NuDv2M0ycfiOsxxJSWQ
djoPr+CwQolajZdYk87A82pZY6HKiU2PVXirptsE7AYH7S9M1rtZW+Edjr4V/c+U
PgNgkX6dKS2OKrx32fx3Edq4dBjKd95NlVUcj/hO3XquwwIDAQABo4IBPDCCATgw
CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
dGlmaWNhdGUwHQYDVR0OBBYEFEgSOGaZEGohNm0Bn58WWGFSZ3FAMIG3BgNVHSME
ga8wgayAFAYbDCCx3KAPBXaOpaDm//CjeIcBoYGQpIGNMIGKMQswCQYDVQQGEwJJ
TjEQMA4GA1UECBMHZ3VqYXJhdDESMBAGA1UEBxMJQWhtZWRhYmFkMRIwEAYDVQQK
EwllbGl0ZWNvcmUxETAPBgNVBAsTCGN5YmVyb2FtMQwwCgYDVQQDEwNqanAxIDAe
BgkqhkiG9w0BCQEWEWpqcEBlbGl0ZWNvcmUuY29tggEAMCQGA1UdEQQdMBuBGWph
bHBhLnBhdGVsQGVsaXRlY29yZS5jb20wDQYJKoZIhvcNAQEEBQADggEBADGvwvhD
w96cdy+JV2dL5iphpYh0RHVFkqKSPDukY7TdIP3scjcCAayrqsW9JmX1SR0iRYRN
2r1360Q1g9o262Tmx2MMWZ+qVkpMNYzDMr22qurYlMss8ZhR8Llk8IiAM+PAVwY7
OwjTDweFauLv+H/Mqt8FF1yvxQMHcQtE1GyHDTjNb2NMr9siRACSwzPvUnJKUL8X
vdyqk2LEC+MIR7+xTCfCXx0sFVwTrvyZAoFgbH/DKn1hUdRwXwLI0zUuzJnMzlnR
VrpjCmFvntL+wWGIXK3q4uG2jBeGlEtiMdbXUVVGLGItE/DhS15vPJG5yWOA/Z17
gL4XzxM79IC2dAc=
-----END CERTIFICATE-----

/usr/local/sslvpn/keys/FactoryKey.key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDKgc5DG+TwiFTv0RQMzcBxR2Eid6bAZjrZHJ9VtGrA5NuDv2M0
ycfiOsxxJSWQdjoPr+CwQolajZdYk87A82pZY6HKiU2PVXirptsE7AYH7S9M1rtZ
W+Edjr4V/c+UPgNgkX6dKS2OKrx32fx3Edq4dBjKd95NlVUcj/hO3XquwwIDAQAB
AoGAYkqzFPu7GczyfRycgMJ1gAZHbXVqKMT2F1+/LthNYKc0rTP+MScnr/UeOmTv
YLkh4W9avfLtvFgxd7r2hc0gdrlMKd8lQ3plZpLqHNBKkKVYgPyJg8qZBC8I2YWq
Y6+4qjC1GN18gF8g1AhQcRjRtKqpiqVp1VjxdK+xPiYPEKECQQDzuhjCcL8zHDT6
H6YryaQK609uxWuzPFesddkRvKZ3cgmxx0ZUh7E2ukBo9CmdCUocs1doMN+Ta96v
9d7n0UWJAkEA1LRXFXbTlNeFwPVhd8M3FzHU1j5S1agM2U8CfbkzhFDH3qz6Ia+2
+Hk75AwrlMLmnuABtWTAig6aPP6C5MSK6wJAVIcBGUZS+V3Z/blGPz9ydhr/9HHh
lUrjOTux6dXcgeZ5+D8dZCmfS1SzC/NKD11uZ5/HO6pfj9hEZhBGm21XyQJAb3Pf
fZu52e/kYesxmzNrFnhB8dDOTq2zrdo8j+wPFnHNiNxSZHxR/3hm7WODInvNo8n0
mzujt7NXFka2B3EE6QJBALRfEPQB4HeRhECHON4htHLBJBO6lo3jWN0myW0msuPu
M5Q9Y4zwvEcrduc4v2FPfVcaCAoM7NcHwPJCtfyO7ok=
-----END RSA PRIVATE KEY-----

Kaspersky license keys:

053A10DD.key
kaspersky-053A10DD.key.base64
S0xzdycADQpTZXJpYWwgTnVtYmVyOiAwQzdBLTAwMDRFMC0wNTNBMTBERA0KS0xzdwAAra0BAAAA
/AMAAAMBAAgBAQAACQcBAAgBAQAACQUVAAEoCQBFbGl0ZWNvcmUBAAAJAxYAAQEBAAAJBQEAASgN
AGZvciBFbGl0ZWNvcmUBAAAJAQMAASgFAEluZGlhAQAACf8BAQABKBYAS2FzcGVyc2t5IGxhYiBr
ZXkgZmlsZQEAAAkBBAABC90HAgAAAAoAAQAACQErAAEJAQAAAAEAAAkDGgABCQAAAAABAAAJBQQA
AQlQwwAAAQAACQEBAAEJAQAAAAEAAAn/AQcAAQlQwwAAAQAACQEIAAEoIwBMaWNlbmNlTnVtYmVy
OiAwQzdBLTA5MDIxMS0xMTAyMjIuIAEAAAkBGQABCQEAAAABAAAJAQMAAQltAQAAAQAACQEOAAEJ
4AQAAAEAAAkBDQABKEYAS2FzcGVyc2t5IEFudGktVmlydXMgZm9yIEVsaXRlY29yZSAoU2VydmVy
LCBuZXcgbGljZW5zZSBzY2hlbWUpIDEgeWVhcgEAAAkBFwABKCQAOUQ3NkJBNEYtQjYwRC00NzQ4
LThCMjgtQzVGMUIyMUMxNjc5AQAACQEKAAFJAwABAHoMAADgBAAA3RA6BQEAAAkBCQABKBoARElT
VFJJQlVUT1I6IEVsaXRlY29yZQ0KDQoBAAAJAQIAAQkEAAAAAQAACQEdAAEJBQAAAAEAAAkBIwAB
KBIAMEM3QS0wOTAyMTEtMTEwMjIyAQAACQEfAAEJQgUAAAEAAAkBIAABKAkARWxpdGVjb3JlAQAA
CQElAAEoCwBLTDY1MjlOU0JGUwEAAAkBGwABCZADAAABAAAJAQ8AAQvZBwIAAwALAAEAAAkBJAAB
KAAAAQAACf8BUQAICR4AAAABAAAJAVIACAkeAAAAAQAACf8PnxJXDQo7OjEwNFNOUmFaTXVmVTIx
K1dBUUw5Q1FwT3NMVlV4UEFQZkNEL1NZd2Ztckt4T1NLT0szSU0yQ3RuZEZpTms3ZHo1SmRsMnlZ
cHFESE9iSWZXb2xkNmtrSnYlJQ0KOyAwWExTem5wZEk3MWZCMzAwZTdVd2oxUFVkUWZOcDlZOTRI
UmxsbGt4SW9qVUFHdUhVTUYvaFY4UnRqra0=

0316D86E.key
kaspersky-0316D86E.key.base64
S0xzdycADQpTZXJpYWwgTnVtYmVyOiAwN0JDLTAwMDRFMC0wMzE2RDg2RQ0KS0xzdwAAra0BAAAA
/AMAAAMBAAgBAQAACQcBAAgBAQAACQUVAAEoCQBFbGl0ZWNvcmUBAAAJAxYAAQEBAAAJBQEAASgJ
AEVsaXRlY29yZQEAAAkBAwABKAUASW5kaWEBAAAJ/wEBAAEoFgBLYXNwZXJza3kgbGFiIGtleSBm
aWxlAQAACQEEAAEL2gcCAAAAFQABAAAJAxoAAQkAAAAAAQAACQUEAAEJUMMAAAEAAAkBAQABCQEA
AAABAAAJ/wEHAAEJUMMAAAEAAAkBCAABKCMATGljZW5jZU51bWJlcjogMDdCQy0wODAyMjAtMTUw
NzA0LiABAAAJARkAAQkBAAAAAQAACQEDAAEJbQEAAAEAAAkBDgABCeAEAAABAAAJAQ0AAShGAEth
c3BlcnNreSBBbnRpLVZpcnVzIGZvciBFbGl0ZWNvcmUgKFNlcnZlciwgbmV3IGxpY2Vuc2Ugc2No
ZW1lKSAxIHllYXIBAAAJARcAASgkADdERjA1NThCLTlGOTAtNDE0Ny1CNDEyLTQ5QUZDRTE3NDQ3
MgEAAAkBCgABSQMAAQC8BwAA4AQAAG7YFgMBAAAJAQkAASgaAERJU1RSSUJVVE9SOiBFbGl0ZWNv
cmUNCg0KAQAACQECAAEJBAAAAAEAAAkBHQABCQUAAAABAAAJAR8AAQlCBQAAAQAACQEgAAEoCQBF
bGl0ZWNvcmUBAAAJARsAAQmQAwAAAQAACQEPAAEL2AcCAAMAFAABAAAJ/wFRAAgJHgAAAAEAAAkB
UgAICR4AAAABAAAJ/7x3tQwNCjs6MTBxOWZtbStCWXRwN0NzNVV1dU5Ea2ppaTNPaERraWpLVlFa
VDFrRTN2RnR5ZG9aTG5iUk5LRE9KdUhXbjlEZkQ3Wkd0VEZKTjNZZFpMQ0hqM0JiZlpqZiUlDQo7
IDBYTFN6bnBkSTcxZkIzMDBlN1V3ajFTNTlhcUVTeW9wWnZkeHg3czNKT29zYUJrSWJQNXg1czBq
aHitrQ==

SSH host keys. SSH is run on TCP port 222:

ssh-hostkey.pub

2048 35 23178304127391053134639083855042652968257017487248714289440944074345544197073367934275067382138342595922854198773473362149187429589211588690241225077935146243500409620985015706704134157338119525281498899096023145572448050960142245589480162309456185807776043089290451042235810319339234735452828481874956059229217315046402077465958412694739848655959942060360292721914185566944685578412514086483450261861706864655780403651890928799805363542268510358235314703532093327713100614934847080258051943853502840222131140959127457801042953627742113484869153125370094179859128942490254330920318324474144901652212339292637649329539

2048 a5:25:56:0f:2b:e4:a3:90:46:ca:42:91:24:77:e4:10 (RSA1)
OpenSSH RSA1 private key, version 1.1
ssh-hostkey.b64
VlRGT1NVbEdRbE5UVmxwQ1ZrVlZaMU13VmxwSlJWcEtWRVZWWjFKck9WTlVWVVpWU1VSRmRVMVJi
MEZCUVVGQlFVRkJRVUZCWjBGRApRVU16YlRSa04wMTJTMlpxUVhkbVJVNDFjZ3B3V0V4RFVua3hT
bkJVWWt3dlIzVmhlRzkxV1dKbFJIaEdlbFV2YVZGT1JsaEhUVE5RCk5XVnFkRkpSVVZGQ2RqSXJR
UzlGT1hSeFYwVnVNMEZQYTBReGNHeGhZbVZoZDBRd2F5OVNDbWQ0VVZkYVpsRldOMHNyUmtadWNW
WlEKUVhWRGNuWldRazV2TUhkUUx6ZElaMFJEYmxkTVMwdHRjQ3RVWjBoclptVTJjMGR2T1dkNmRI
VnBMMkYzYVcxd2RqTk9WWEF3Y1RCSgpZbEVLZFdwWmVrOTRTbE5wVkdGNlVGUXpTalE1VDJwR1lX
UklLMkpwVlVaMGFrcGpXbE15UWxsRFNGRkthMm96ZVRSd1ZEZExVRk0zClpWWnFSSFJ4YjFwelUx
SlVTM1E0WWxScVJGRXZid28wT0RWSlRsTlVWVTFqTnpCeFMxSndORUYzT1ZBM1UwbFhjVFZJU1dO
bllrdHYKWkV0MmMyZFdUVXBVYkcxT2RHYzRjbEJNTURVNFFrNVpiSEJPTnk5aE9UZHNkekJET1VN
dlZuRXpDalJzVlM5bVNITnhkbWxyT1dkdQpSalZVYkRKRVFVRlpha0ZCUVVGQlJHRnlUbkZ6U0M5
U09UVjJNMUV3Ym5BNFEwVk1WR1ZWWjFCVVQwUTJVRElyUXpsUVNtWXZXWFZrClZsQkpRMGdLTTFk
emIycE5hMUZNU0VwTFYybGhObU5qVWtzM1dEaG5OM1J1YUZsamJpdGljREZwVVZoR2NFVnVUa0pH
YVd4SlJIUjMKVm1KTlZGVndSblZqWTNaNGVIUTNRbkZSVDFwcFJVcHZVQXBZVkRWb1NEUlRaRkZh
Tmt4QlVXRXJkalJXTld3M1RHa3dkVGt3VTFSUwpWMjFvWkN0alVYSm1TbWN6ZDNaamRIUlFORTkx
ZFVGaFIwTkNSRGRsTUdaeU1sTjFXR3RxTkZaR1YwRllDa3h6VWxVNFlYQk9kMGdyCmNrSlhTWFJo
Y1VKcU1EbDJZMUkzZGtkSVVqUTJMek40VlVkeE5WVk1TM1ZyYzBsQmVYWnFkWGxzTldOV1JFRkZj
VzFNYjNCM2RrNVUKTnpGa1EwVnZhM0lLTmtsalNHOXJRbUZ5TldnM1JrWTFjMU5hWldkME0xVlJi
azVJYWxkdFZrWk1SRU5ZYURjNFpqZFlVMngwUWpCRwpPRVJsV2tnd2FVeEphMk4yVFhnNVlraGFR
MjFMWlZGRFVrUnpSQW92VW1wNFZXMWxVaTlzWlZCb2N5OTRNRlp5U1ZsM1pqQXpUVVJVClYxUmxV
RFZyY205VlJ6Y3JSamhMWkRobWQyRkVaSFpNYTBwdE4wRXlkRFpSZUM5R1p6RkthMlZSVlhaaWNF
ZGFDa05ZVmxCV1JGUk0KTm1oeFVrVXdlVmx2VlZwYVEzVXZUVFpvZERrellpdG5VVUY2UVdnM1lu
ZHFWbGRLVVZkUFVpOTFSVWd2YW5KTldqWk5TazVQUkVWbQpjMGR3TVZGeWVHRkNaRzhLVUV0UmVV
MU5abXB4VG5kQ1VVOXNPRWQ0ZVdKQ1FVUlRUa0V3UTB4c1RVcEdWRW9yWWpaQmNXMUtlbWwwCk0y
eEtVM1Z0UkhCMFVFcFBWVnAwUkVSTFFrOU1VbUZ0Vm05Rk5uVlZRUXB1Ym5KUFRtSnhlVU5ET1ha
elZtVlVlV2x0WVhSamJVaEsKZEZOVFVUUTNhVEpTY0dKNFoyWkNSM1Z3ZEVaRVZuTkdZMVZqUXpW
d05qQllOakZSV1M5NFREQXhjemRuTkRKb1NUUm5DbkJQY25SUApjMUZQTmpabFVteEtlVXB2Y1ho
amRYaDJhamszVkVWb2RpdG5ORzUwZFdkVVJqVmFVVkZCTXpWM1pIZFJRM0oxYzNCeU5tdFdlbFoz
ClUyTk5PRWh0VVhWbE9VaFBVMDRLWjFkeE1rcFlOR1JIVjJsc01qaHBZM0p1VVU5cU1IZzRTblZo
YldwNVJGWkZjblI1U1V4NWJrRlAKZURBeGJTOXZSalpuUlhCYVFXdHhaRWRDYVdGNlZrcGlXRTlF
TjI0eVZtMTBjd3AzUmtwNlJVUlNNMGxFV1ZaTlVDOW5OMlpwU0ZWbApkVUpYWVdwclNGSjNNRTQ1
TWxKQllrWlVlRFJDUm1aeGFVcDBlR1ZCVnl0VFZFUndkR3hCVFdOQlFVRkJRUW89Cg==

Miscellaneous keys:

root_pubkey.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMC1VjIT81SDM7O4zoVe
NlRdujsoBlfFI9h4kP6Cx4Ih6IkZwX+wHcJ2pBrZpKMxzwHXwoz8rOR/bQCcWhVo
b9+0xzVkfhpije1nkbx63iEn+mYTEUZBKLxq1I7FuuNVfS3EswcZyPrT++C3y/2M
7iujoeDqs/7dI+oCtdc8oYeaeN4Sady89E3vUASjKN3bBTkWgknG3TEXOfqp6/W2
9DupR9vtk1D6SDOnsveRc352L5d9ojbtIYU+K2GgJZ6hpdShH8XyZKJCbEN9iFHF
dDjVEj2u7wBcAgSA2BZrlsdW5ZJLGLYc91kU4MqCtdRhG+4WS7l2XsgKdCI4JmKT
FwIDAQAB
-----END PUBLIC KEY-----

Administrative user is set and reset through SQL:

INSERT INTO tbluser (userid,name,username,password,dob,createdby,createdate,renewby,renewdate,active,emailid,securitylevel,groupid,securitypolicyid,accesspolicyid,ipallocation,allottedminutes,totalusedminutes,expiredate,authserverid,bwpolicyid,printingpolicyid,zoneid) VALUES (NULL,'cyberoam','cyberoam','cyber','2002-10-01','elite','2002-10-01','elite','2002-10-21','y','elite@elitecore.com',1,1,0,0,6,0,512,NULL,-15,0,0,0);
select @userid:=userid from tbluser where username='cyberoam';
INSERT INTO tbluseraccounting (userid,usedminutes,uploaddata,downloaddata) VALUES (@userid,0,0,0);

upgradekey:

090600078.2

Update key extraction and usage:

  1. <br />
  2. datasize=`wc -c upgrade.cyberoam.data | awk '{print $1;}'`<br />
  3. datasize=`expr $datasize - 128`<br />
  4. #echo $datasize</p>
  5. <p> head -c 128 upgrade.cyberoam.data > symmetric_key.data<br />
  6. tail -c $datasize upgrade.cyberoam.data > upgrade.cyberoam.tar.gz.data<br />
  7. rm -f upgrade.cyberoam.data</p>
  8. <p> openssl rsautl -decrypt -inkey /usr/local/apache/conf/ssl.key/snakeoil-rsa.key -in symmetric_key.data -out symmetric_key</p>
  9. <p> if [ $? -ne 0 ]; then<br />
  10. echo `date` " Problem while decrypting symmetric key ............." >> $buildlogfile<br />
  11. echo `date` " Please upload upgrade file properly, ..............." >> $buildlogfile<br />
  12. exit 1;<br />
  13. fi</p>
  14. <p> openssl enc -d -des3 -in upgrade.cyberoam.tar.gz.data -out upgrade.cyberoam.tar.gz -pass file:./symmetric_key</p>
  15. <p> if [ $? -ne 0 ]; then<br />
  16. echo `date` " Problem while decrypting upgrade file ............." >> $buildlogfile<br />
  17. echo `date` " Please upload upgrade file properly, ..............." >> $buildlogfile<br />
  18. exit 1;<br />
  19. fi</p>
  20. <p> rm upgrade.cyberoam.tar.gz.data symmetric_key symmetric_key.data</p>
  21. <p> tar zxf upgrade.cyberoam.tar.gz > /dev/null 2>&1<br />

Anonymous

July 04, 2012

Permalink

I glanced at the site on removing the certs, but I didn't see any in Torbrowser (Firefox ESR 10.0.5) in the section it was pointing to.

Edit=>Preferences=>Advanced=>Encryption=>View Certs=>Authorities

Instead, I see DigiNotar references in:

Edit=>Preferences=>Advanced=>Encryption=>View Certs=>SERVERS

These references were not mentioned on the site you posted on removing these entires from the 'Authorities' area, there was no mention on the site about these existing in the 'Servers' area and what we should do about those entries. There are two entries in the E/P/A/E/VC/Servers section:

DigiNotar (which expands to reveal 4 entries)
DigiNotar B.V. (which expands to reveal 2 entries)

What should be done with these entries?

Anonymous

July 05, 2012

Permalink

I'm working for a Cyberoam's distributor.
Cyberoam is a UTM solution, not focused only on DPI. Actually, this is not really a DPI solution at all.
One of the Cyberoam features is the HTTPS Scanning for Antivrus. When you enable it, the Cyberoam unit will dynamically generate a certificate for all HTTPS websites so the user browser will communicate in HTTPS with the Cyberoam, and then the Cyberoam will do the "real" HTTPS traffic with the website. It acts like a Proxy. The purpose is to be able to scan HTTPS website with Antivirus.
You need to understand that Cyberoam's appliance are installed in corporate network as a gateway firewall. So the corporate choose if they want to apply the HTTPS Scanning on the unit. And if they do, they know what is the mechanism of it.
I fear you have raised a non-existing vulnerability.
I have escalated your article to Cyberoam's management team, they will surely answer you soon.

There are two issues here; one is that a Cyberoam certificate is being used to intercept all traffic to torproject.org, another is that all Cyberoam devices share the same CA certificate and hence the same private key.

How can you be sure that the device being used in this case is not doing DPI, but "just" HTTPS scanning for antivirus? And how come the device is only intercepting traffic for some sites - and not all? Is there a way to specify which sites you want the device to intercept traffic for?

Hi runa,
Thanks for drawing my attention to the vulnerability of Cyberoam. I use a sonicwall appliance in my office at india. I would also like to report the same thing on my sonicwall appliance. I went to my sonicwall appliance to download the CA certificate as mentioned by you in the blog post. I was able to download the certificate from my appliance. Screen is shown below

http://www.picvalley.net/v.php?p=u/2055/11258394806391790141341517411UM…

Finally I also learnt that sonicwall have a website where they host the appliances for live demo, I would share the links below
All the sonicwall appliances are available for a demo from livedemo.sonicwall.com

http://www.picvalley.net/v.php?p=u/1690/14420756404065594191341517413ge…
NSA – 8500 - https://realtime.demo.sonicwall.com/main.html
NSA E5500 - https://nsa.demo.sonicwall.com/main.html
NSA 2400 - http://2400.demo.sonicwall.com/main.html
NSA 250 - http://nsa250mw.demo.sonicwall.com/main.html
NSA 220 - http://nsa220w.demo.sonicwall.com/main.html
I downloaded the certificates from all the above said appliances, and they appear to have the same details… and the same private keys…
The screen below will show you that I have downloaded each of the certificates from a different website
http://www.picvalley.net/v.php?p=u/2864/84257012810543838161341517419Wj…
I aligned both the certificates together and saw there is no change in any certificate… both appear to be the same. I wanted to know if the sonicwall also has the same vulnerability like the one you have listed on your blog post.

http://www.picvalley.net/v.php?p=u/2967/16816463827450592701341517436pU…

I have also recorded a video of the same but unable to post it here, here are the links of the sonicwall certificates
http://nsa250mw.demo.sonicwall.com/SonicWall_DPI-SSL_CA.cer
http://2400.demo.sonicwall.com/SonicWall_DPI-SSL_CA.cer
http://nsa220w.demo.sonicwall.com/SonicWall_DPI-SSL_CA.cer
https://nsa.demo.sonicwall.com/SonicWall_DPI-SSL_CA.cer
http://www.sonicwall.com/downloads/SonicOS_Enhanced_5.6_DPI-SSL_Feature…

ALSO OUT OF MY CURIOSITY, I WENT SEARCHING FOR OTHER VENDORS AND FOUND THE SAME ISSUE MAY BE WITH FORTIGATE DEVICES.
Fortigate Certificate:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32404

Runa, after reading the TOR blog, I am very much concerned about the security of my organization. We normally do transactions over the internet all the day. I would like you to revert back to me on the same. I am not in a condition to remove the device.
Request you to kindly reply ASAP. In the race of UTM, please suggest who is the BEST vendor…

Runa, after reading the TOR blog, I am very much concerned about the security of my organization. We normally do transactions over the internet all the day. I would like you to revert back to me on the same. I am not in a condition to remove the device.
Request you to kindly reply ASAP. In the race of UTM, please suggest who is the BEST vendor… SEO Company USA

Runa,

I believe it's the individual's choice how to be protected. If you want your self to be protected against encrypted threats, you must allow security device like Cyberoam to intercept your traffic. It can be any XYZ traffic including traffic like of your TOR application. Finally, for a network admin like me, getting protected and not allowing any one to bypass Internet security using application like TOR is more important.

It's like doctor and patient relation!!!! If you do not allow doctor to treat you, you can not be cured.

I said by other blogger, Sonicwall also use the same method, so whats wrong in this??

The Jordan user seems to be a private user (Twitter, Gmail, Facebook usage).
He was surprised when he received the fake certificate and did not know about the Cyberoam device interception.

You describe a different situation where a company monitors employees PC usage (presumably after having them notified about his rule).
Your justification does not apply to this case. Likely the interception is done by the Jordan user's ISP or upstream provider without user's knowledge.

In addition your explanation about the undiscriminating behaviour of the device does not appear to be correct. As the Jordan user said the Gmail connection, which is also an encrypted https connection, was not intercepted.

Runa,

I believe it's the individual's choice how to be protected. If you want your self to be protected against encrypted threats, you must allow security device like Cyberoam to intercept your traffic. It can be any XYZ traffic including traffic like of your TOR application. Finally, for a network admin like me, getting protected and not allowing any one to bypass Internet security using application like TOR is more important.

It's like doctor and patient relation!!!! If you do not allow doctor to treat you, you can not be cured.

I said by other blogger, Sonicwall also use the same method, so whats wrong in this??

Hi,
You should read this answer article : http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/
All UTM appliance : SonicWALL, Fortinet, Watchguard, etc... use the same approach as it is the only existing one !
I don't see any vulnerability there. Yes Cyberoam is using a man-in-the-middle approach to scan HTTPS traffic, but it is not hidden to his customers. Customers have the choice to activate or not this feature. If they don't trust in Cyberoam, they just don't activate the feature. This feature is not activated by default.

Lawful interception in business is not done by forging certificates.
Employess' browser are set to use a local proxy and have the local
proxy certificate pre-installed. The local proxy fetches all https
requests, scans them and pass them on to employee.

As Eclipse Micro Computer is an U.S. company holding
Elitecore/Cyberoam, the Torproject should think about talking to
a lawyer.
Cyberoam interfered with protected communications, forged
certificates with Tor's name on it and with this damaged the
reputation of the Tor project.

Cyberoam cannot excuse themself by saying their device has
been abused, because they admitted in their own blog that this is
their standard procedure.
A favorable judgement should be worth 10 years+ of funding ;)

Today I come under massive spam attack. I have told all goverments in world about this attack but they are doing nothing. This is not good for me and I want everyone on the internet to remove moreacting@libero.it

Already I email 4chan.org secure server, ripe, interweb, cloudflare and all governments but no one remove my email from internet. Justice must be brought to my account and the people told!

The world must know not to send emails to me any longer! The authorities must act!

And to reply to you, the TOR user who has raised this "vulnerability" has seen this fake certificate only for torproject.org because this website is categorized as "URLTranslationSites" which is a default denied category. So, when the user tried to reach your website, the Cyberoam has blocked it and to be able to show him a Denied Message, it has used this fake certificate.

I don't think so. Otherwise the user from Jordan would not have
been left with impression that something is fishy if he had seen
a message like:
"Torproject.org is blocked by the Cyberoam DPI device because it is our category of evil hacktools."

Faking a certificate for Torproject.org would make sense if one
wants to interfere with the download of the Tor software and
swap it with an altered version.
If the the user also happens to download the GPG signature
the previous download would just be seen as "broken".

"There are two issues here; one is that a Cyberoam certificate is being used to intercept all traffic to torproject.org,"

Not all traffic to the domain, only all traffic to the domain from the user who is behind a Cyberoam device. Some are asserting, without evidence, that the Cyberoam device is in place at the user's ISP, when it could be at the user's *employer*.

"another is that all Cyberoam devices share the same CA certificate and hence the same private key."

Which is the case with most UTM vendors in the default configuration. Best practice is to put a corporate subordinate CA certificate in place for this purpose, and push that out as a trusted certificate to all corporate endpoints to avoid the warning messages. It would not be a good practice to push out the vendor default certificate to all corporate endpoints.

Anonymous

July 05, 2012

Permalink

.....

Anonymous

July 05, 2012

Permalink

What would GCHQ or NSA do to achieve something similar en-mass, especially as House of Commons is discussing Communications Data Bill which would permit it? I realize that they're wholly able to do it as NSA utilizes Narus STA 6400 amongst other devices, but would it also require CAs to be compliant? Or rather complicit?

Anonymous

July 07, 2012

Permalink

hello there. This is probably not related but I'll put it here anyway.
I normally check the Tor blog on a somewhat regular basis. I am now using the duck duck go HTML search engine from within TAILS and I noticed something weird. The Tor project page that came in the first place in the search results was http://www.torproject.us/
not https://www.torproject.org/
I found this weird because I'm used to seeing your page through https and it was in http.
I am using this ip: 93.182.129.84 which according to IP check is from Skane Lan, Lund.
My question is... Was I just victim of a man in the middle attack? I mean I went to tails page from there and https came back... but then clicked on the tor browser bundle instead... and it went to http://www.torproject.us/download/download-easy.html.en
I am not very technically able... but is it just me? or is this very fishy?!

No it isn't, nor is it a concern. It's a mirror which permits access to visit The Tor Project as its URL could be restricted dependent upon which environment access is being attempted from. It's genuine, it merely duplicates whatever content is available via The Tor Project every so often, but it isn't associated with or to The Tor Project itself.