‘Multiple Sourcefire Products Static Web SSL Keys Vulnerability’
‘The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-107/‘
* Sourcefire 3D Sensor 1000
* Sourcefire 3D Sensor 2000
* Sourcefire 3D Senor 9900
* Sourcefire Defense Center 1000
The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private key allows an attacker to decrypt and monitor SSL communications with the target.
Mitigation of this problem can be accomplished by replacing the static keys with custom keys. These instructions can be found in the installation guide for your product (available on the Sourcefire support site).
2010-06-02 – Vulnerability reported to vendor
2010-06-10 – Coordinated public release of advisory’