Barracuda appliances susceptible to backdoor access

A slew of products from security provider Barracuda Networks contain a backdoor that could enable outsiders to remotely access accounts and possibly steal information.

Austria-based advisory firm SEC Consult privately reported the vulnerability to Barracuda in late November. Among the products affected are the Campbell, Calif.-based company's Spam and Virus Firewall, Web Application Firewall, Web Filter and SSL VPN.

On Wednesday, the research firm publicly released details about the threat after Barracuda issued an alert to customers.

According to researchers, there are two issues. First, the products contain "undocumented operating system user accounts," or backdoors. Second, these accounts can be accessed via SSH, or Secure Shell, a protocol that permits encrypted remote login and communication. The IP addresses allowed to reach the appliances over SSH are meant to be limited to Barracuda's own, but that's not the case, according to researchers.

"The public [IP] ranges include servers run by Barracuda...but also servers from other, unaffiliated entities – all of whom can access SSH on all affected Barracuda Networks appliances exposed to the internet," the SEC Consult advisory said.

In its own advisory, Barracuda said the vulnerabilities have been resolved, and that customers should update their "security definitions" to the latest version.

"Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log into a non-privileged account on the appliance from a small set of IP addresses," the advisory said. "The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit."
