View Single Post
  #1   (View Single Post)  
Old 24th January 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Backdoors in many Barracuda appliances

From http://h-online.com/-1790947

Quote:
Almost all appliances from Barracuda Networks were delivered with a fixed, preset user account through which, using SSH, you can remotely access the device. The hole is being warned of in an advisoryAustrian link from Austria's CERT.

Security researcher S. Viehboeck from SEC Consult Vulnerability Lab discovered that the /etc/shadow and /etc/password files on the appliances had user accounts with names such as product, support and websupport. These accounts were protected with weak passwords and the researcher says he produced a usable list of passwords in a short time. It is not possible to delete these accounts easily as they appear to be used for remote maintenance.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote