https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130... Vulnerability overview/description: ----------------------------------- 1) Backdoor accounts Several undocumented operating system user accounts exist on the appliance. They can be used to gain access to the appliance via the terminal but also via SSH. (see 2) These accounts are undocumented and can _not_ be disabled! 2) Remote access via SSH An SSH daemon runs on the appliance, but network filtering (iptables) is used to only allow access from whitelisted IP ranges (private and public). The public ranges include servers run by Barracuda Networks Inc. but also servers from other, unaffiliated entities - all of whom can access SSH on all affected Barracuda Networks appliances exposed to the Internet. The backdoor accounts from 1) can be used to gain shell access. This functionality is entirely undocumented and can only be disabled via a hidden 'expert options' dialog (see Workaround).