Warning - those of you using Barracuda Networks products...
Posted: Thu Jan 24, 2013 5:20 pm
A variety of firewall, VPN, and spam filtering products sold by Barracuda Networks contain undocumented backdoor accounts that will allow people to remotely log in and access sensitive information on your system(s). In other words, you probably are not as protected as you think using those products.
The SSH (secure shell) backdoor is hardcoded into multiple Barracuda Networks products and can be used to gain shell access to the system. The products affected are; Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, and Barracuda SSL VPN. Upon testing its been discovered these backdoors have been present in Barracuda Networks products as far back as 2003 and maybe longer, they are exploitable and leave you vunlerable.
You can read the advisory here > https://www.barracudanetworks.com/support/techalerts
A fix has been issued by Barracuda and its recommended you update immediately, read the advisory above.
The SSH (secure shell) backdoor is hardcoded into multiple Barracuda Networks products and can be used to gain shell access to the system. The products affected are; Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, and Barracuda SSL VPN. Upon testing its been discovered these backdoors have been present in Barracuda Networks products as far back as 2003 and maybe longer, they are exploitable and leave you vunlerable.
You can read the advisory here > https://www.barracudanetworks.com/support/techalerts
A fix has been issued by Barracuda and its recommended you update immediately, read the advisory above.