SSH ExploitCritical SSH Exploit in BarracudaAppliances, and What You Can Do To Fix It.
• Barracuda Spam and Virus Firewall• Barracuda Web Filter• Barracuda Message Archiver• Barracuda Web Application Firewall• Barracuda Link Balancer• Barracuda Load Balancer• Barracuda SSL VPN• ALL VERSIONSSystems Effected
• Eight default accounts exist• Used for diagnose by Barracuda on an appliance• They cannot be disabled• Passwords cannot be changedIssue
• Account passwords can be broken with dictionary attack• The product account can used to create new users with administrative privileges• Root access can be obtainedExploits
• Barracuda currently working on patch• Until then, make sure to load security definition 2.0.5 (It’s possible the root account could still be cracked)• Prevents unauthorized users from SSH to applianceFix
• We can help get you up to date• Visit us athttp://www.gti1.com/about-us/contact-us/• Join our upcoming webinar (URL below) to see how we can help with DLP / EmailNeed Help?