Vigil@nce: RuggedCom ROS, usage of a constant RSA key
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
The RuggedCom ROS system contains a constant RSA key, which is
used to establish SSL sessions.
– Impacted products: RuggedSwitch
– Severity: 2/4
– Creation date: 21/08/2012
DESCRIPTION OF THE VULNERABILITY
An SSL tunnel can be established using an RSA key pair (public and
private). This key pair should be different on each service.
However, the RuggedCom ROS system contains a constant hardcoded
RSA key, which is used to establish SSL sessions.
An attacker who knows the private RSA key can therefore decrypt
SSL exchanges of RuggedCom ROS.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/RuggedCom-ROS-usage-of-a-constant-RSA-key-11879