Printed from http://www.electronista.com

Exploit found in some Barracuda firewalls, VPN hardware

updated 09:44 pm EST, Thu January 24, 2013

Flaw allows remote access to MySQL database in equipment

According to Austrian security researchers SEC Consult Vulnerability Lab, an assortment of firewall, spam filtering, and VPN hardware made by Barracuda contain undocumented accounts that allow hackers to remotely log into the devices and access information. The SSH backdoor is hardcoded into the products, and can be used to gain shell access to the equipment, according to the published advisory.

The researchers claim that the security flaw "is entirely undocumented and can only be disabled via a hidden 'expert options' dialog." A very weak password which Electronista found with a Google search is used to secure the device in conjunction with a generic user name. The combination allows login and full remote access to the device's MySQL database. The exploits are accessible by a small range of IP addresses -- many of which don't belong to Barracuda but can be spoofed with the right software attack in any event. The exploit has possibly existed since 2003.

On Wednesday, Barracuda issued its own "medium"-level security advisory, saying that "research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses" They called the vulnerabilities the result of "default firewall configuration and default user accounts on the unit" and have issued firmware updates to patch the issue.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News