NETGEAR recently issued a security advisory about a Transport Layer Security (TLS) certificate private key disclosure vulnerability on several of its routers. And this is apparently not the first time the company has left TLS certificates and private keys exposed in its wireless router firmware.
The certificates and their private keys were embedded in the firmware, which was available to download for free on a public website where anyone could find it and, with a little skill, read the private key. The keys could be used to intercept and tamper with secure connections (man-in-the-middle attacks); essentially, any of the compromised routers can be hijacked.
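A vendor-side release check for the failure described above, as an added example that is not NETGEAR's code or part of the original article: it scans a firmware image for PEM private key blocks before the image is published. The function names and the sample image are constructed for illustration.

```python
import re

# PEM armor for private key material: PKCS#8, encrypted PKCS#8, and the
# legacy RSA / EC / DSA / OpenSSH labels.
_PEM_PRIVATE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
    rb"(.*?)-----END \1-----",
    re.DOTALL,
)

def find_private_keys(image: bytes) -> list:
    """Locate PEM private key blocks in a firmware image.

    Reports offset, label, length and passphrase protection only; the key
    bytes themselves are never returned or logged.
    """
    findings = []
    for m in _PEM_PRIVATE.finditer(image):
        label = m.group(1).decode("ascii")
        encrypted = (label.startswith("ENCRYPTED")
                     or b"Proc-Type: 4,ENCRYPTED" in m.group(2))
        findings.append({"offset": m.start(), "label": label,
                         "length": m.end() - m.start(), "encrypted": encrypted})
    return findings

def release_gate(image: bytes) -> bool:
    """True if the image may be published. Encrypted keys fail as well:
    a device that can use the key must also carry the means to decrypt it."""
    return not find_private_keys(image)

# Constructed sample image: filler bytes, a certificate (public, allowed)
# and a dummy private key block whose body is not a real key.
SAMPLE_IMAGE = (
    b"\x7fELF" + b"\x00" * 60
    + b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    + b"\xff" * 16
    + b"-----BEGIN RSA PRIVATE KEY-----\nTk9UIEEgUkVBTCBLRVk=\n"
      b"-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for f in find_private_keys(SAMPLE_IMAGE):
        print(f"private key at offset {f['offset']}: {f['label']} "
              f"({f['length']} bytes, encrypted={f['encrypted']})")
    print("publish" if release_gate(SAMPLE_IMAGE) else "BLOCK RELEASE")
```

Run the check over the unpacked filesystem contents as well as the raw image, since compressed sections hide PEM text from a byte scan.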
Experts Comments
Mark Thompson, VP of Product Management, provides expert commentary at Information Security Buzz:
"NETGEAR should store these private keys in a secure HSM...."