January 24, 2013

Backdoors in many Barracuda appliances

Barracuda logoAlmost all appliances from Barracuda Networks were delivered with a fixed, preset user account through which, using SSH, you can remotely access the device. The hole is being warned of in an advisoryAustrian link from Austria's CERT. Security researcher S. Viehboeck from SEC Consult Vulnerability Lab discovered that the /etc/shadow and /etc/password files on the appliances had user accounts with names such as product, support and websupport. These accounts were protected with weak passwords...Read more at The H