Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Backdoor accounts found in networking and security appliances from Barracuda Networks

Attackers can use the accounts to gain root access on the devices from certain IP address ranges, researchers say

A variety of networking and security appliances from Barracuda Networks contain backdoor accounts that could allow attackers to log in remotely over SSH (Secure Shell) and gain administrative, or root, access on the devices.

The backdoor accounts were discovered by security researchers from Austria-based security firm SEC Consult. These accounts are not documented, they cannot be removed and can be accessed over SSH, they said in a security advisory published Thursday.

Furthermore, the appliances are configured by default to accept SSH connections from certain ranges of public IP addresses. Some servers located in those IP ranges are owned by Barracuda Networks, but others are owned by third-party organizations and individuals.

An attacker who compromises any server from the whitelisted IP ranges can gain administrative rights on Barracuda Networks appliances connected to the Internet by using the backdoor accounts, the SEC Consult researchers warned.

For example, one particular backdoor account called "product" can be used to log into a Barracuda appliance, access its MySQL database without a password and add new administrative users to the device's configuration, the researchers said. On the Barracuda SSL VPN appliance it was also possible to enable diagnostic or debugging functionality which could be used to gain root access, they said.

Barracuda Networks acknowledged the problem on Wednesday and advised customers to update the Security Definitions on their devices to version 2.0.5 immediately.

"Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log into a non-privileged account on the appliance from a small set of IP addresses," the company said in an advisory on its website.

According to the company, all appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected. This includes: Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN.

The company noted that the security definitions update "drastically minimizes potential attack vectors," but advised customers who want to disable the remote support access functionality completely to contact its technical support department.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Barracuda Networks, MySQL, SEC, SSH
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: firewalls, patches, intrusion, security, Networking, Barracuda Networks, Exploits / vulnerabilities
Latest Blog Posts
Whitepapers
  • Stop Paying the Earth for Global Roaming
    Why do we continue to pay the earth for global roaming? With Telstra increasing global roaming charges by 100-500% in over 180 countries, bill shock can only get worse. This paper investigates why, what and how your company can address the need for global coverage.
    Learn more »
  • How to Successfully Select an ERP System
    An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
    Learn more »
  • Rebranded Quadmark revamps its IT solutions with Google Apps
    The Singapore office was using Exchange as its email server but encountered various issues such as storage capacity limitations and difficulty in managing spam. Adding new users to the server was also a hassle that often required a third party vendor, resulting in a waste of time and resources. Quadmark also experienced email performance issues that slowed down their employees’ response time, leading to frustration among staff and clients. Quadmark’s management felt that it was unacceptable to continue it’s current solution and thus decided to streamline its IT infrastructure alongside its rebranding plans. The business wanted a unified and consolidated email service for its various offices. Quadmark also wanted to be able to house files and documents on the cloud.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO