AAPL Stock: 110.38 ( + 0.8 )

Printed from

Exploit found in some Barracuda firewalls, VPN hardware

updated 09:44 pm EST, Thu January 24, 2013

Flaw allows remote access to MySQL database in equipment

According to Austrian security researchers SEC Consult Vulnerability Lab, an assortment of firewall, spam filtering, and VPN hardware made by Barracuda contain undocumented accounts that allow hackers to remotely log into the devices and access information. The SSH backdoor is hardcoded into the products, and can be used to gain shell access to the equipment, according to the published advisory.

The researchers claim that the security flaw "is entirely undocumented and can only be disabled via a hidden 'expert options' dialog." A very weak password which Electronista found with a Google search is used to secure the device in conjunction with a generic user name. The combination allows login and full remote access to the device's MySQL database. The exploits are accessible by a small range of IP addresses -- many of which don't belong to Barracuda but can be spoofed with the right software attack in any event. The exploit has possibly existed since 2003.

On Wednesday, Barracuda issued its own "medium"-level security advisory, saying that "research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses" They called the vulnerabilities the result of "default firewall configuration and default user accounts on the unit" and have issued firmware updates to patch the issue.

by MacNN Staff





Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented