The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance does not allow import or export of the foresaid private key.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cyberoam_unified_threat_management | Elitecore | * | * |