Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Barracuda "Back Door" InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Barracuda "Back Door"

Published: 2013-01-24
Last Updated: 2013-01-25 14:07:59 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

According to Austrian security company SEC Consult, several Barracuda products include a non-documented backdoor. The accounts affected are installed by default and can not be disabled. An attacker could use either SSH, or local console access, to log in using these account.

SEC Consult was able to crack some of the passwords for these accounts using the shadow file. The accounts do also have authorized ssh keys defined, but of course, it would be pretty hard to find the associated private key.

This issue affects various Barracuda products.

Default iptables firewall rules block access to port 22 from public IP addresses. But it appears that certain local networks are free to connect to port 22.

Barracuda published an alert rating this problem as "medium" [2]

[1] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt
[2] https://www.barracudanetworks.com/support/techalerts

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords:
3 comment(s)
Diary Archives