Barracuda Spam Firewall Hashed Password Disclosure
Barracuda Spam Firewall Hashed Password DisclosureOSVDB ID: 20879
Disclosure Date: Nov 16, 2005
Description:
Barracuda Spam Firewall contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an end user interacts with the system, which may disclose the user's encoded password in the URL. The encoded password is transmitted without the protection of SSL encryption, but would require an attacker to sniff the connection to obtain the information.
Vulnerability Classification:
Remote/Network Access Required
Cryptographic Attack
Information Disclosure Attack
Loss Of Confidentiality
Exploit Available
Verified
Concern
Products:
Barracuda Networks Barracuda Spam Firewall 3.1.17
Solution:
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
External References:
Related OSVDB ID: 20878
Vendor: Barracuda Networks
Other Advisory URL: http://osvdb.org/ref/20/20879-barracuda.txt
Credit:
security curmudgeon - attrition.org
Labels: Advisory, Appliance, Email, Spam, Vulnerability