Cyberoam, a maker of appliances designed to secure sensitive networks, said it has issued an update to fix a flaw that was reported by members of TOR anonymity network.

Cyberoam issued the hotfix on Monday to a variety of its unified threat management tools. The devices, which are used to inspect individual packets entering or exiting an organization's network, previously used the same cryptographic certificate. Researchers with the TOR network recently reported the flaw and said it caused a user to seek a fake certificate for thetorproject.org when one of the DPI (or deep packet inspection) devices was being used to monitor his connection.

"Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key," TOR researcher Runa A. Sandvik wrote in a blog post published last Tuesday. "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device—or to extract the key from the device and import it into other DPI devices, and use those for interception." Someone commenting on the post went on to publish the purported private key used by the Cyberoam certificate.

Monday's post announcing the Cyberoam hotfix suggested competing DPI devices may contain the same vulnerability. "We, at Cyberoam, do understand the critical nature of this issue though we have been singled out and have been put into a situation that requires us to react urgently, keeping our customers' best interest in mind," the post stated. "We think that the industry needs to react to this on an urgent basis so that a deeper crisis is averted." The post didn't name specific devices or manufacturers who may also be vulnerable.

In a post published last week, Cyberoam officials said: "Cyberoam UTM either accepts or rejects, but does not store HTTPS Deep Scan Inspection data, as processing is done in real-time. The possibility of data interception between any two Cyberoam appliances is hence nullified."

Monday's over-the-air fix forcefully generates a unique certificate on each UTM appliance. Customers will know the device has been successfully updated when it displays a "positive alert."

Article updated on July 17, 2012, to correct details about the vulnerability.