Cyberoam, a maker of appliances designed to secure sensitive networks, said it has issued an update to fix a flaw that could be used to intercept communications sent over the TOR anonymity network. Cyberoam issued the hotfix on Monday to a variety of its unified threat management tools. The devices, which are used to inspect individual packets entering or exiting an organization’s network, previously used the same cryptographic certificate. Researchers with the TOR network recently reported the flaw and said it caused a user to seek a fake certificate for thetorproject.org when one of the DPI (or deep packet inspection) devices was being used to monitor his connection. “Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key,” TOR researcher Runa A. Sandvik wrote in a blog post published last Tuesday .

More:
Deep packet inspection device purged of flaw that threatened TOR users