Vulnerability Note VU#199348
Barracuda Spam Firewall contains hardcoded default login credentials
Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator.
Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically log into the device by supplying credentials to a secure web-interface.
Barracuda Spam Firewalls version 3.3.01.001 to 3.3.02.053 have a guest account with a fixed username and password. This account can log in to the web interface and can not be restricted by the system's built-in access control lists.
A remote, unauthenticated attacker can view system configuration files or other sensitive data.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Barracuda Networks||Affected||-||24 Aug 2006|
CVSS Metrics (Learn More)
Thanks to Greg Sinclair for reporting this vulnerability.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-4082
- Date Public: 01 Aug 2006
- Date First Published: 24 Aug 2006
- Date Last Updated: 29 Aug 2006
- Severity Metric: 2.56
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.