Barracuda Networks Information for VU#199348

Barracuda Spam Firewall contains hardcoded default login credentials

Status

Affected

Vendor Statement

On August 3, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind these vulnerabilities. As such, no Barracuda Spam Firewalls with current Energize Updates subscriptions should be affected by these vulnerabilities.

As part of the test rollout, these settings were initially delivered with the upgrade to early release firmware 3.4.05.017 on July 14, 2006. These settings were later successfully delivered with the upgrade to generally available firmware 3.3.03.055 on July 18, 2006. While it is generally recommended that customers upgrade to the latest release, these upgrades are no longer necessary for protection against these specific vulnerabilities.

To avoid future vulnerabilities, Barracuda Networks recommends that customers restrict unnecessary external Web access to their Barracuda Spam Firewalls.

Fix:
For firmware version 3.3.x and earlier: upgrade to firmware version 3.3.03.055
For firmware version 3.4.x: upgrade to firmware version 3.4.05.017

For more info:
Email    support@barracudanetworks.com
Phone    +1 408 342 5400, +1 888 Anti-Spam
Standard Phone or Email Technical Support offered 24 x 7.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.
