Initial Publication Date: 17 May 2004
Advisory Status: Closed
Advisory Severity: High
Legacy ID:
Some Blue Coat products have a problem that can result in revealing the private key associated with an imported certificate.
Importing a private key through the web-based administrative interface (the management console) results in the private key and its pass-phrase being logged in cleartext on the device. Certain device configurations or administrator actions can result in this information being revealed outside the appliance.
Note that importing a private key via the command-line interface does not expose the private key - this problem is specific to the browser-based interface.
Customers using these products that have imported a private key through the web-based administrative interface should be aware that the key may have been compromised and are advised to generate a new key pair and certificate, and to replace the existing key pair/certificate with the new one. The existing certificate should be revoked; customers should contact their certificate authority for revocation requirements and procedures.
The new key should be imported via the command-line interface if using one of the affected releases.
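As an added example (not part of this advisory or of any Blue Coat tooling), the following script checks log exports that have left the appliance for PEM-armored private keys and redacts them. The PEM encoding of the logged key, the log layout and the function names are assumptions, and the sample log is constructed.

```python
import hashlib
import re

# PEM private-key armor (RFC 7468 and legacy OpenSSL labels).
# Assumption: the imported key was logged in PEM form.
PEM_KEY = re.compile(
    r"-----BEGIN ((?:RSA |DSA |EC |ENCRYPTED )?PRIVATE KEY)-----"
    r"(.*?)"
    r"-----END \1-----",
    re.DOTALL,
)

def find_logged_keys(log_text):
    """Return one finding per PEM private-key block present in log_text."""
    findings = []
    for m in PEM_KEY.finditer(log_text):
        body = m.group(2)
        findings.append({
            "line": log_text.count("\n", 0, m.start()) + 1,
            "label": m.group(1),
            # The advisory says the pass-phrase is logged too, so an
            # encrypted block must still be treated as exposed.
            "encrypted": "ENCRYPTED" in m.group(1) or "Proc-Type: 4,ENCRYPTED" in body,
            # Hash the block instead of echoing it, so the report is safe to share.
            "sha256": hashlib.sha256("".join(body.split()).encode()).hexdigest(),
        })
    return findings

def redact_keys(log_text):
    """Replace every key block with a marker before the log is archived or sent on."""
    return PEM_KEY.sub("[REDACTED PRIVATE KEY]", log_text)

# Constructed sample: log layout, field names and key body are invented for illustration.
SAMPLE_LOG = """\
2004-05-10 09:14:02 console request: action=import-key keyring=example
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIFJFQUwgS0VZ
-----END RSA PRIVATE KEY-----
2004-05-10 09:14:03 console request: action=list-keyrings
"""

if __name__ == "__main__":
    for finding in find_logged_keys(SAMPLE_LOG):
        print(finding)
```

Any finding means the corresponding key pair should be replaced and its certificate revoked as described above; redaction only limits further spread of the log copy.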