CVEs-PoC/2012/CVE-2012-3372.md at 1aa1f2833964f70bb97e372d41394df767a91b59

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 23:27:33 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key."

POC

Reference

http://www.theregister.co.uk/2012/07/07/cyberoam_tor_ssl_spying_flap/
http://www.theregister.co.uk/2012/07/07/cyberoam_tor_ssl_spying_flap/

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2012-3372

Description

POC

Reference

Github

1.1 KiB

Raw Blame History