barracuda networks ssh vulnerability
TRANSCRIPT
![Page 1: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/1.jpg)
SSH ExploitCritical SSH Exploit in Barracuda
Appliances, and What You Can Do To Fix It.
![Page 2: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/2.jpg)
Systems Effected
• Barracuda Spam and Virus Firewall
• Barracuda Web Filter
• Barracuda Message Archiver
• Barracuda Web Application Firewall
• Barracuda Link Balancer
• Barracuda Load Balancer
• Barracuda SSL VPN
• ALL VERSIONS
![Page 3: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/3.jpg)
Issue
• Eight default accounts exist
• Used for diagnose by Barracuda on an
appliance
• They cannot be disabled
• Passwords cannot be changed
![Page 4: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/4.jpg)
Exploits
• Account passwords can be broken with
dictionary attack
• The product account can used to create
new users with administrative privileges
• Root access can be obtained
![Page 5: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/5.jpg)
Fix
• Barracuda currently working on patch
• Until then, make sure to load security
definition 2.0.5 (It’s possible the root
account could still be cracked)
• Prevents unauthorized users from SSH to
appliance
![Page 6: Barracuda Networks SSH Vulnerability](https://reader036.vdocuments.us/reader036/viewer/2022071710/55aa3c401a28ab282a8b4854/html5/thumbnails/6.jpg)
Need Help?
• We can help get you up to date
• Visit us at
http://www.gti1.com/about-us/contact-us/
• Join our upcoming webinar (URL below)
to see how we can help with DLP / Email