Backdoors Found in Barracuda Networks Products

SEC Consult researchers recently uncovered a major vulnerability in several products from Barracuda Networks. “Several undocumented operating system user accounts exist on the appliance,” the researchers wrote. “They can be used to gain access to the appliance via the terminal but also via SSH.”

“The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username ‘product’ with no password to log in and gain access to the device’s MySQL database,” writes Ars Technica’s Dan Goodin. “While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda. ‘The public ranges include servers run by Barracuda Networks Inc. but also servers from other, unaffiliated entities — all of whom can access SSH on all affected Barracuda Networks appliances exposed to the Internet,’ the advisory explained.”

“According to Barracuda, these accounts are intended for use by remote technical support,” writes Intego’s Lysa Myers. “They have released an update for the affected appliances that tightens the security of most of these support accounts, but it does not remove or secure them entirely.”

“It’s not clear for how long the backdoor accounts have existed in Barracuda’s products, but the researchers found evidence that they have been in place since at least 2003,” writes Krebs on Security’s Brian Krebs. “Also, this thread on the security mailing list Full Disclosure includes some interesting discussion about how these backdoor accounts may have been used.”

Jeff Goldman
Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Top Endpoint Detection & Response (EDR) Solutions for 2021

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top Next-Generation Firewall (NGFW) Vendors

Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in...

Related articles