DaemonForums  

Old 24th January 2013
J65nko
Administrator
 
Backdoors in many Barracuda appliances

From http://h-online.com/-1790947

Quote:
Almost all appliances from Barracuda Networks were delivered with a fixed, preset user account through which, using SSH, you can remotely access the device. The hole is being warned of in an advisory (Austrian link) from Austria's CERT.

Security researcher S. Viehboeck from SEC Consult Vulnerability Lab discovered that the /etc/shadow and /etc/password files on the appliances had user accounts with names such as product, support and websupport. These accounts were protected with weak passwords and the researcher says he produced a usable list of passwords in a short time. It is not possible to delete these accounts easily as they appear to be used for remote maintenance.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
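
Added example, not part of the original post or the quoted article: a defender-side audit that parses passwd and shadow content from a system you administer and lists accounts that can log in with a password but are not on your expected list. The account names are the ones named in the article; the function names, UIDs, shells and hash strings are constructed assumptions.

```python
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def password_state(field):
    """Classify the password field of a shadow entry."""
    if field == "":
        return "empty"                      # login without any password
    if field.startswith("$") and len(field) > 1:
        return SCHEMES.get(field.split("$")[1], "unknown-scheme")
    if len(field) == 13 and field[0] not in "!*":
        return "descrypt"                   # traditional DES crypt
    return "locked"                         # "!", "*", "!<hash>": no password login

def audit_accounts(passwd_text, shadow_text, expected):
    """Return (name, uid, shell, state) for password-login accounts not in `expected`."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue                        # skip blank or malformed lines
        name, pw, uid, shell = parts[0], parts[1], parts[2], parts[6]
        # "x" means the hash is in shadow; a missing shadow entry cannot log in
        state = password_state(shadow.get(name, "*") if pw == "x" else pw)
        if state != "locked" and shell not in NOLOGIN and name not in expected:
            findings.append((name, int(uid), shell, state))
    return findings

# Constructed sample data: account names come from the article, everything else
# (UIDs, shells, hash schemes, hash strings) is made up for the demonstration.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
product:x:1001:1001::/home/product:/bin/bash
support:x:1002:1002::/home/support:/bin/bash
websupport:x:1003:1003::/home/websupport:/bin/sh
"""
SAMPLE_SHADOW = """root:$6$constructed$ROOTHASH:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
admin:!$6$constructed$ADMINHASH:15000:0:99999:7:::
product:$1$constructed$PRODUCTHASH:15000:0:99999:7:::
support:abCONSTRUCTED:15000:0:99999:7:::
websupport:$6$constructed$WEBHASH:15000:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, expected={"root"}))
```

Locked entries and accounts with a nologin shell are skipped, so the output is limited to accounts that accept a password over a login service such as SSH.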