Cyberoam DPI devices vulnerable to traffic interception - Update
Researchers from the anonimity-protecting Tor Project received a report from a user who was being served a fake certificate for the Tor web site. After looking into the issue, the researchers found that the user's traffic was being intercepted by a deep packet inspection (DPI) device made by Cyberoam. Further research led them to discover a security vulnerability in the devices that means device users can intercept any traffic routed through any of the company's DPI devices and can also extract the encryption keys for use in other DPI systems.
The researchers discovered that the Cyberoam devices all use the same CA certificate. To have their traffic intercepted by the DPI devices, users have to have the Cyberoam CA manually installed as it is not trusted by any browsers and warnings will be displayed if any of these certificates are being used. This certificate is typically installed by "willing victims" such as corporate employees.
Because the devices all use the same CA certificate, anyone in the possession of one of these devices can intercept traffic from any user accessing the network through a different Cyberoam device. Since all of the devices also include the same private key, this key can be extracted and imported into other DPI systems as well, enabling that same traffic to be intercepted. The Tor researchers contacted Cyberoam with the details of the vulnerability and told the company that they would disclose the flaw publicly a few days later, however the company didn't contact them beyond acknowledging their initial email. More information on the problem can be found in the CVE report filed by the Tor Project.
The Tor researchers recommend that users who are concerned by this issue should check their browsers and see whether any certificates from Cyberoam have been installed.
Update (6/7/12) - In a blog posting, Cyberoam addresses the allegations saying that it is not possible to decrypt the data traffic through a second appliance. It also rules out any means to extract of the private key from the device which could be used to decrypt all traffic.