Vulnerability overview/description:
-----------------------------------
1) Backdoor accounts
Several undocumented operating system user accounts exist on the appliance.
They can be used to gain access to the appliance via the terminal but also
via SSH (see 2).
These accounts are undocumented and can _not_ be disabled!
2) Remote access via SSH
An SSH daemon runs on the appliance, but network filtering (iptables) is used
to only allow access from whitelisted IP ranges (private and public).
The public ranges include servers run by Barracuda Networks Inc. but also
servers from other, unaffiliated entities - all of whom can access SSH on all
affected Barracuda Networks appliances exposed to the Internet.
The backdoor accounts from 1) can be used to gain shell access.
This functionality is entirely undocumented and can only be disabled via a
hidden 'expert options' dialog (see Workaround).
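
Added example (not part of the original advisory or of any vendor tooling): a defender-side audit of the kind of iptables whitelist described in 2), listing which source ranges may reach the SSH port and flagging those outside RFC 1918 space. The rule set is constructed, its public ranges are documentation placeholders, and the script assumes numeric `iptables-save` output without negated (`!`) matches.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt, not taken from an appliance. The two
# non-RFC1918 ranges are RFC 5737 documentation networks used as placeholders.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.200.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ssh_accept_sources(rules_text, port=22):
    """Return [(source_cidr, is_public)] for INPUT rules that ACCEPT TCP to port."""
    results = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token after it (-s, -p, --dport, -j ...).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "tcp" or "--dport" not in opts:
            continue
        lo, _, hi = opts["--dport"].partition(":")  # "22" or a range "20:25"
        if not int(lo) <= port <= int(hi or lo):
            continue
        # A rule with no -s matches every source address.
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        is_public = not any(net.subnet_of(r) for r in RFC1918)
        results.append((str(net), is_public))
    return results

def public_ssh_sources(rules_text, port=22):
    """Only the whitelisted ranges that are reachable from outside private space."""
    return [cidr for cidr, pub in ssh_accept_sources(rules_text, port) if pub]

if __name__ == "__main__":
    for cidr, pub in ssh_accept_sources(SAMPLE_RULES):
        print(f"{cidr:20} {'PUBLIC' if pub else 'private'}")
```

Each range reported as PUBLIC should be checked against its registered owner, since the advisory notes that some whitelisted ranges belong to unaffiliated entities.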