Undocumented accounts allow attackers to gain root access to appliances
Experts from SEC Consult Vulnerability Lab have identified a critical SSH backdoor which affects several Barracuda Networks products, including the Spam and Virus Firewall, Message Archiver, SSL VPN and Web Application Firewall.According to researchers, cybercriminals could use several undocumented user accounts to gain root access to the appliances via SSH or via the terminal.
And there’s another issue. The SSH daemon which runs on the appliances is configured to allow connections only from whitelisted IP address ranges belonging to Barracuda and other unaffiliated entities.
The problem is that all these unaffiliated entities can access SSH on all the affected Barracuda appliances that are connected to the Internet.
Barracuda has taken some steps toward addressing the issues, but SEC Consult Vulnerability Lab says that they haven’t completely patched the security holes.