Barracuda Networks hardware contained exploitable backdoor

Devices from Barracuda Networks, which are used in many corporate environments, contain backdoors that were intended for the manufacturer. However, they were also easy for others to abuse. A patch partially solves the problem.

The problem was in multiple devices from Barracuda Networks, including servers that run web filtering, firewalls and VPNs, security journalist Brian Krebs writes. The devices contain a backdoor SSH account through which Barracuda Networks could log in to the machine remotely. For one of the backdoor accounts no password had to be entered, only the username "product". The account was undocumented: anyone who bought a Barracuda system was not told that it contained such an SSH account.

Logging in to the account was only possible from a certain IP range, made up of IP addresses belonging to Barracuda Networks. Austrian researchers found, however, that Barracuda Networks is not the only company using IP addresses in this range: hundreds of other companies also hold IP addresses in it. They could log in remotely to Barracuda systems without much difficulty. The account made it possible to log in to MySQL as root.

The problem has been resolved: it is no longer possible to log in to the SSH account "product". The researchers point out, however, that there is a preconfigured SSH account with which Barracuda can log in. That account cannot be deleted; according to Barracuda, it is necessary for "customer service". One researcher has reservations about this: "In secure environments it is highly undesirable for servers to contain backdoors," he writes, "even if they are only accessible to the manufacturer."