Barracuda "Back Door"
According to the Austrian security company SEC Consult [1], several Barracuda products ship with undocumented backdoor accounts. These accounts are created by default and cannot be disabled by the customer. An attacker could log in with them either over SSH or via the local console.
SEC Consult was able to crack some of the passwords for these accounts from the hashes in the shadow file. The accounts also have authorized SSH keys defined, but finding the matching private keys would of course be considerably harder.
This issue affects various Barracuda products.
The default iptables firewall rules block access to port 22 from public IP addresses, but a set of source networks is still allowed to connect to port 22. An attacker who can send traffic from one of those allowed ranges, for example from a compromised host inside a whitelisted network, can therefore reach the backdoor accounts over SSH.
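The two things worth checking on an appliance like this are exactly the ones described above: which accounts can actually log in (a real shell plus an unlocked password hash), and which source networks the firewall lets through to TCP/22. The script below is an added example, not code from the diary, from SEC Consult, or from Barracuda; the passwd, shadow and iptables-save samples are constructed here, and the account names and networks in them are hypothetical.

```shell
#!/bin/sh
# Added example (not from the diary, SEC Consult or Barracuda): audit a
# Linux-style appliance for login-capable accounts and for SSH exposure
# through the packet filter. All sample data below is constructed.

# Constructed /etc/passwd excerpt; account names are hypothetical.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
product:x:1000:1000:product:/home/product:/bin/sh
support:x:1001:1001:support:/home/support:/bin/sh
www:x:33:33:www:/var/www:/bin/false'

# Constructed /etc/shadow excerpt. "*" and "!" mean the password is locked;
# the md5crypt-looking hashes are placeholders, not real hashes.
SAMPLE_SHADOW='root:$1$aaaaaaaa$bbbbbbbbbbbbbbbbbbbbbb:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
product:$1$cccccccc$dddddddddddddddddddddd:15000:0:99999:7:::
support:!:15000:0:99999:7:::
www:*:15000:0:99999:7:::'

# Constructed `iptables-save` output: port 22 is accepted from two source
# networks (hypothetical) and dropped from everywhere else.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Print every account that has a real login shell AND a usable password
# hash. Arguments: passwd contents, shadow contents.
login_capable_accounts() {
    passwd="$1"; shadow="$2"
    printf '%s\n' "$passwd" | while IFS=: read -r name _ _ _ _ _ shell; do
        # nologin/false shells cannot be used for an interactive login
        case "$shell" in
            */nologin|*/false|"") continue ;;
        esac
        hash=$(printf '%s\n' "$shadow" | awk -F: -v u="$name" '$1 == u { print $2 }')
        # empty, "*" or anything starting with "!" is a locked password
        case "$hash" in
            ""|"*"|"!"*) continue ;;
        esac
        printf '%s\n' "$name"
    done
}

# Print the source networks allowed to reach TCP/22 by INPUT ACCEPT rules.
# A rule without -s is reported as 0.0.0.0/0 (open to everyone).
ssh_allowed_sources() {
    printf '%s\n' "$1" | awk '
        /-A INPUT/ && /--dport 22/ && /-j ACCEPT/ {
            src = "0.0.0.0/0"
            for (i = 1; i <= NF; i++) if ($i == "-s") src = $(i + 1)
            print src
        }'
}

# Run against the constructed samples when executed as a script.
echo "login-capable accounts:"
login_capable_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
echo "networks allowed to reach TCP/22:"
ssh_allowed_sources "$SAMPLE_RULES"
```

On a real box you would feed it the live files, `login_capable_accounts "$(cat /etc/passwd)" "$(cat /etc/shadow)"` and `ssh_allowed_sources "$(iptables-save)"`, and then look for two things: accounts you did not create that still show up as login-capable, and ACCEPT rules for port 22 whose source networks you do not control. An account with a locked password can still be reachable if an `authorized_keys` file exists for it, so checking the home directories of every listed account for that file is the natural next step.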
Barracuda published an alert rating this problem as "medium" [2].
[1] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt
[2] https://www.barracudanetworks.com/support/techalerts
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected. Customers are advised to update their Security Definitions to v2.0.5 immediately.
John
Jan 24th 2013
1 decade ago
Issue 2.0.5: Resolved issue discovered by Stefan Viehboeck, SEC Consulting (sec-consulting.com) that could result in unauthorized access to Barracuda appliances from the default, limited set of IP addresses shipped with the Barracuda appliances for support purposes. While this update drastically minimizes any potential attack vectors, our support department is available to answer any questions on fully disabling this functionality if support access is not desired.
John
Jan 24th 2013
1 decade ago
jdustin
Jan 31st 2013
1 decade ago