Hard-Coded Password Vulnerability in Barracuda Spam Firewall Products
CVE-2006-4001

Currently unrated

Key Information:

Vendor: Barracuda Networks
Status: Barracuda Spam Firewall
Vendor: CVE Published:; 5 August 2006

🔔 Create Barracuda Networks Vulnerability Alert

What is CVE-2006-4001?

The Barracuda Spam Firewall's Login.pm module has a hard-coded password for the guest account, which poses a significant risk. This vulnerability allows attackers to bypass authentication mechanisms, granting unauthorized access to sensitive information such as email logs, potentially compromising email content and even revealing the administrator password. Organizations using versions 3.3.01.001 through 3.3.03.053 should take immediate steps to remediate this vulnerability by updating to patched versions and reviewing their security configurations.

References

http://www.vupen.com/english/advisories/2006/3104

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/442039/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/21258

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2006
Vulnerability Reserved
Aug 4, 2006

JSON