Saturday, January 26, 2013

HOW COULD THIS HAVE HAPPENED?

I've heard ads for Barracuda internet security products on local radio stations and until now, I've never heard anything negative about the company but this seems to be criminal negligence:
Backdoor accounts found in networking and security appliances from Barracuda Networks
Attackers can use the accounts to gain root access on the devices from certain IP address ranges, researchers say
By Lucian Constantin, IDG News Service
January 24, 2013 09:46 PM ET

A variety of networking and security appliances from Barracuda Networks contain backdoor accounts that could allow attackers to log in remotely over SSH (Secure Shell) and gain administrative, or root, access on the devices.

These accounts are not documented, they cannot be removed and can be accessed over SSH, they said in a security advisory published Thursday.

Furthermore, the appliances are configured by default to accept SSH connections from certain ranges of public IP addresses. Some servers located in those IP ranges are owned by Barracuda Networks, but others are owned by third-party organizations and individuals.

An attacker who compromises any server from the whitelisted IP ranges can gain administrative rights on Barracuda Networks appliances connected to the Internet by using the backdoor accounts, the SEC Consult researchers warned.

Barracuda Networks acknowledged the problem on Wednesday and advised customers to update the Security Definitions on their devices to version 2.0.5 immediately.

No comments: