Barracuda Networks Information for VU#199348

Barracuda Spam Firewall contains hardcoded default login credentials



Vendor Statement

On August 3, 2006, system settings were delivered to all Barracuda Spam Firewalls in the field via Energize Updates to disable the underlying mechanisms behind these vulnerabilities. As such, no Barracuda Spam Firewalls with current Energize Updates subscriptions should be affected by these vulnerabilities.

As part of the test rollout, these settings were initially delivered with the upgrade to early release firmware on July 14, 2006. These settings were later successfully delivered with the upgrade to generally available firmware on July 18, 2006. While it is generally recommended that customers upgrade to the latest release, these upgrades are no longer necessary for protection against these specific vulnerabilities.

To avoid future vulnerabilities, Barracuda Networks recommends that customers restrict unnecessary external Web access to their Barracuda Spam Firewalls.

For firmware version 3.3.x and earlier: upgrade to firmware version
For firmware version 3.4.x: upgrade to firmware version

For more info:
Phone    +1 408 342 5400, +1 888 Anti-Spam
Standard Phone or Email Technical Support offered 24 x 7.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.