Summaryinfo

A vulnerability, which was classified as critical, was found in Barracuda Load Balancer 5.0.0.015. Affected is an unknown function. Executing a manipulation can lead to hard-coded credentials. This vulnerability is registered as CVE-2014-8426. No exploit is available.

Detailsinfo

A vulnerability has been found in Barracuda Load Balancer 5.0.0.015 and classified as critical. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. The CWE definition for the vulnerability is CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.

The weakness was published 01/20/2015 as BNSEC-0006000123 as confirmed mailinglist post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability was named CVE-2014-8426 since 10/22/2014. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1110.001.

The vulnerability is also documented in the vulnerability database at X-Force (100272). Similar entry is available at VDB-68981. Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Barracuda

Name

• Load Balancer

Version

• 5.0.0.015

License

• commercial

Website

• Vendor: https://www.barracuda.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion