Server Misconfiguration discloses passwords of all Barracuda Network Employees
Jul 25, 2013
Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we