Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Bugs Found In Baked-In Barracuda Backdoors

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 25 Jan 2013 04:07:10 -0600 (CST)
http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/240146954/bugs-found-in-baked-in-barracuda-backdoors.html

By Kelly Jackson Higgins
Dark Reading
Jan 24, 2013
An Austrian researcher discovered flaws in deliberate backdoors built into Barracuda Networks' Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN products. The security vendor today patched the bugs, but left the option up to its customers whether to disable the conduit to their devices.
Steve Powell, vice president of product management at Barracuda, says the special "tunnel" option in the products is for back-end support with the vendor.
"When customers request access to the system, they use the Remote Support Tunnel capability. They call us up, and we can bring up their screens ... with them," Powell says. "They open a remote support capability to do that."
But Sec Consult found the backdoors and vulnerabilities in them as well as authentication bypass flaws in Barracuda's products. 

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: