Category:   Device (Intrusion Detection)  >   Sourcefire Intrusion Sensors
Vendors:   Sourcefire
Sourcefire 3D Sensor and Defense Center Use Common Private SSL Keys
SecurityTracker Alert ID:  1024092
SecurityTracker URL:
CVE Reference:   CVE-2010-2306
Updated:  Jun 18 2010
Original Entry Date:  Jun 11 2010
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  
Version(s): 3D Sensor 1000, 3D Sensor 2000, 3D Sensor 9900, Defense Center 1000
Description:   A vulnerability was reported in Sourcefire 3D Sensor and Defense Center products. A user with access to one key can access ostensibly protected communications between other devices.

The products use common private SSL keys across multiple devices and installations. A user with access to one copy of the key can use the key to decrypt SSL communications between other devices.

The vendor was notified on June 2, 2010.

An anonymous researcher reported this vulnerability via TippingPoint.

Impact:   A user with access to one copy of the key can use the key to decrypt SSL communications between other devices.
Solution:   The vendor recommends replacing the static keys with custom keys.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.
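
One way to check the mitigation across an inventory, as an added example (not code from SecurityTracker, ZDI or Sourcefire): group devices by the SHA-256 fingerprint of the certificate each one presents, and flag any fingerprint seen on more than one device or equal to the shipped default. The device names and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import ssl
from collections import defaultdict


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def audit_shared_certs(inventory: dict, factory_fp: str = "") -> dict:
    """Group devices by certificate fingerprint and flag reuse.

    inventory maps a device name to the PEM certificate it presents
    (for a live device, ssl.get_server_certificate((host, port)) returns one).
    factory_fp is the fingerprint of the shipped /etc/ssl/server.crt, if known.

    Limitation: an identical certificate implies an identical key, but a
    re-issued certificate over the same key would need a public-key
    comparison, which this sketch does not do.
    """
    by_fp = defaultdict(list)
    for device, pem in inventory.items():
        by_fp[cert_fingerprint(pem)].append(device)
    shared = {fp: sorted(devs) for fp, devs in by_fp.items() if len(devs) > 1}
    still_default = sorted(by_fp.get(factory_fp, []))
    return {"shared": shared, "still_default": still_default}


def _constructed_pem(label: bytes) -> str:
    # Constructed stand-in bytes wrapped in PEM armor; not a real X.509
    # certificate. Fingerprinting only needs the encoded bytes.
    return ssl.DER_cert_to_PEM_cert(label)


# Constructed sample: two sensors still on the shipped certificate,
# one Defense Center already moved to a custom certificate.
FACTORY_PEM = _constructed_pem(b"constructed-factory-default-cert")
SAMPLE_INVENTORY = {
    "sensor-a.example": FACTORY_PEM,
    "sensor-b.example": FACTORY_PEM,
    "dc-1.example": _constructed_pem(b"constructed-custom-cert-dc-1"),
}


def run_sample() -> dict:
    return audit_shared_certs(SAMPLE_INVENTORY, cert_fingerprint(FACTORY_PEM))


if __name__ == "__main__":
    print(run_sample())
```
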

 Source Message Contents

Subject:  [Full-disclosure] ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability

ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability
June 10, 2010

-- Affected Vendors:

-- Affected Products:
Sourcefire 3D Sensor 1000
Sourcefire 3D Sensor 2000
Sourcefire 3D Sensor 9900
Sourcefire Defense Center 1000

-- Vulnerability Details:
This vulnerability allows remote attackers to decrypt secure socket
layer (SSL) communications directed to multiple Sourcefire products.

The specific flaw exists within the reuse of private SSL keys for
multiple devices and installations. The keypair is stored in
/etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private
key allows an attacker to decrypt and monitor SSL communications with
the target. 

-- Vendor Response:
Sourcefire states:
Mitigation of this problem can be accomplished by replacing the static
keys with custom keys. These instructions can be found in the
installation guide for your product (available on the Sourcefire support

-- Disclosure Timeline:
2010-06-02 - Vulnerability reported to vendor
2010-06-10 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:
