This is one of the dumbest things an IT company can do... kind of funny since they're were one the few somewhat reputable advertisers.
Critical SSH Backdoor in multiple Barracuda Networks Products
vulnerable products: Barracuda Spam and Virus Firewall
Barracuda Web Filter
Barracuda Message Archiver
Barracuda Web Application Firewall
Barracuda Link Balancer
Barracuda Load Balancer
Barracuda SSL VPN
...
Vulnerability overview/description:
-----------------------------------
1) Backdoor accounts
Several undocumented operating system user accounts exist on the appliance.
They can be used to gain access to the appliance via the terminal but also
via SSH. (see 2)
These accounts are undocumented and can _not_ be disabled!
2) Remote access via SSH
An SSH daemon runs on the appliance, but network filtering (iptables) is used
to only allow access from whitelisted IP ranges (private and public).
The public ranges include servers run by Barracuda Networks Inc. but also
servers from other, unaffiliated entities - all of whom can access SSH on all
affected Barracuda Networks appliances exposed to the Internet.
-- http://archives.neohapsis.com/archiv...3-01/0221.html
Results 1 to 2 of 2
-
01-24-2013, 03:36 PM #1Maverick
- Join Date
- Dec 2011
- Posts
- 1,712
Show advertiser Barracuda Networks products have secret backdoors
-
01-24-2013, 03:39 PM #2clutch oven champion
- Join Date
- Feb 2012
- Location
- California
- Posts
- 7,884
I have an Indian guy that does my IT
Reply With Quote
Bookmarks