[ISN] Bugs Found In Baked-In Barracuda Backdoors

http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/240146954/bugs-found-in-baked-in-barracuda-backdoors.html By Kelly Jackson Higgins Dark Reading Jan 24, 2013 An Austrian researcher discovered flaws in deliberate backdoors built into Barracuda Networks’ Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN products. The security vendor today patched the bugs, but left the option up to its customers whether to disable the conduit to their devices. Steve Powell, vice president of product management at Barracuda, says the special “tunnel” option in the products is for back-end support with the vendor. “When customers request access to the system, they use the Remote Support Tunnel capability. They call us up, and we can bring up their screens … with them,” Powell says. “They open a remote support capability to do that.” But Sec Consult found the backdoors and vulnerabilities in them as well as authentication bypass flaws in Barracuda’s products. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org