barracuda networks ssh vulnerability
Post on 18-Jul-2015
SSH Exploit
Critical SSH Exploit in Barracuda Appliances, and What You Can Do To Fix It.
Systems Affected
• Barracuda Spam and Virus Firewall
• Barracuda Web Filter
• Barracuda Message Archiver
• Barracuda Web Application Firewall
• Barracuda Link Balancer
• Barracuda Load Balancer
• Barracuda SSL VPN
• ALL VERSIONS
Issue
• Eight default accounts exist
• Used by Barracuda for diagnostics on an appliance
• They cannot be disabled
• Passwords cannot be changed
Exploits
• Account passwords can be broken with a dictionary attack
• The product account can be used to create new users with administrative privileges
• Root access can be obtained
Fix
• Barracuda is currently working on a patch
• Until then, make sure to load security definition 2.0.5 (it's possible the root account could still be cracked)
• Prevents unauthorized users from connecting to the appliance over SSH
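
One way to watch for the activity listed under Exploits while these accounts remain on the appliance, as an added example (not from the original slides or from Barracuda). It assumes SSH authentication events reach you in OpenSSH syslog format; `BUILTIN_ACCOUNTS`, `FAIL_THRESHOLD`, the trusted-source allow-list and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: only "product" and "root" are named on the page; extend this set
# with the other built-in account names found on your own appliance.
BUILTIN_ACCOUNTS = {"product", "root"}
FAIL_THRESHOLD = 5  # assumed: failures from one source before we call it guessing

# OpenSSH-style password events (assumed log format, forwarded via syslog).
EVENT = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_auth_log(lines, trusted_sources=frozenset()):
    """Return (kind, user, src) alerts for activity on built-in accounts."""
    failures = defaultdict(int)  # (user, src) -> failed attempts seen so far
    alerts = []
    for line in lines:
        m = EVENT.search(line)
        if not m or m["user"] not in BUILTIN_ACCOUNTS:
            continue
        key = (m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key] += 1
            if failures[key] == FAIL_THRESHOLD:  # alert once per (user, src)
                alerts.append(("password-guessing", *key))
        elif m["src"] not in trusted_sources:
            # A login to a built-in account from outside the allow-list is worth
            # a look; one that follows a failure burst is more urgent.
            guessed = failures[key] >= FAIL_THRESHOLD
            alerts.append(("login-after-guessing" if guessed else "untrusted-login", *key))
    return alerts

# Constructed sample lines (documentation IP ranges, hypothetical host "bsf").
SAMPLE = [
    f"Jan 25 10:00:0{i} bsf sshd[411]: Failed password for product from 203.0.113.9 port 5100{i} ssh2"
    for i in range(5)
] + [
    "Jan 25 10:00:07 bsf sshd[411]: Accepted password for product from 203.0.113.9 port 51010 ssh2",
    "Jan 25 11:30:00 bsf sshd[512]: Accepted password for root from 192.0.2.10 port 40022 ssh2",
    "Jan 25 11:31:00 bsf sshd[513]: Failed password for invalid user admin from 203.0.113.9 port 40023 ssh2",
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for a management host you trust (placeholder value).
    for alert in review_auth_log(SAMPLE, trusted_sources={"192.0.2.10"}):
        print(alert)
```
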
Need Help?
• We can help get you up to date
• Visit us at
http://www.gti1.com/about-us/contact-us/
• Join our upcoming webinar (URL below)
to see how we can help with DLP / Email