Several Barracuda firewall, spam filtering, and VPN hardware products were hit this week by a security exploit that allowed user accounts to be compromised.
Those products contained undocumented accounts that allow easy remote access to several versions of Barracuda’s devices and their access information.
The SSH backdoor is hardcoded into the affected products, and the discovered exploit can be used to gain shell access to Barracuda equipment.
On Wednesday, Barracuda issued a medium-level security advisory. The company said that “research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses.”
The company says the issue can be resolved by moving away from “default firewall configuration and default user accounts on the unit.”
The security flaw “is entirely undocumented and can only be disabled via a hidden ‘expert options’ dialog.”
Finding the password is as simple as doing a Google search for generic user names. Once obtained, the information found can be used to log in and gain full remote access to the device’s MySQL database.
The exploit can only be used from a small range of IP addresses, many of which do not belong to Barracuda.
Security experts believe the exploit may have existed since 2003.