Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator.
Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically log into the device by supplying credentials to a secure web-interface.
Barracuda Spam Firewalls version 3.3.01.001 to 3.3.02.053 have a guest account with a fixed username and password. This account can log in to the web interface and can not be restricted by the system's built-in access control lists.
A remote, unauthenticated attacker can view system configuration files or other sensitive data.
Thanks to Greg Sinclair for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2006-08-24|
|Date Last Updated:||2006-08-29 18:30 UTC|