Security expert Ebrahim Hegazy has found a password disclosure vulnerability in Barracuda update servers which allows attackers to gain access to employee credentials.
The Egyptian information security advisor Ebrahim Hegazy (@Zigoo0) has found a password disclosure vulnerability in one of Barracuda's update servers which allows attackers to gain access to all of its employee data.
When a system administrator needs to protect a directory with a second authentication layer (HTTP basic authentication) in addition to the back-end authentication, there are several ways to do it; one of them is through the configuration of .htaccess and .htpasswd files. A proper configuration prevents a visitor from browsing a reserved area (e.g. /Cpanel or /admin): in this scenario a popup prompts the user to enter authentication credentials, and those credentials are stored inside the .htpasswd file as Username:Password.
In normal scenarios the .htpasswd file should be stored outside the web directory (e.g. C:\AnyName\.htpasswd).
In the Barracuda case, however, the file was stored inside the admin panel directory and was accessible by anyone, with serious repercussions.
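The misconfiguration described above (a password file that the web server will serve like any other static file) can be caught before deployment by checking where the AuthUserFile directive points. The following Python audit script is an added example, not code from the original article or from Barracuda: the .htaccess snippets, DocumentRoot and ServerRoot paths in it are constructed and hypothetical. It parses the directive, resolves a relative path against ServerRoot the way Apache does, and flags any .htpasswd that lies inside the document root, together with the URL path at which it would be reachable.

```python
"""Audit an .htaccess basic-auth block for an AuthUserFile stored under DocumentRoot.

Added example for the article above; paths and snippets are constructed, not real.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the kind of .htaccess that gates an /admin directory
# with HTTP basic auth, with the password file placed inside the web root.
VULNERABLE_HTACCESS = """
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/html/admin/.htpasswd
Require valid-user
"""

# Constructed sample: the same block with the password file moved outside
# DocumentRoot, which is the fix the article points to.
FIXED_HTACCESS = """
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/auth/.htpasswd
Require valid-user
"""

DOCUMENT_ROOT = "/var/www/html"   # hypothetical DocumentRoot
SERVER_ROOT = "/etc/apache2"      # hypothetical ServerRoot

# Matches `AuthUserFile <path>` with or without surrounding double quotes.
_AUTH_USER_FILE = re.compile(
    r'^\s*AuthUserFile\s+"?([^"\s]+)"?\s*$', re.IGNORECASE | re.MULTILINE
)


@dataclass
class AuditResult:
    auth_user_file: Optional[str]   # resolved path of the password file, if any
    exposed: bool                   # True when the file sits under DocumentRoot
    url_path: Optional[str]         # URL path at which it would be served, if exposed
    findings: List[str] = field(default_factory=list)


def is_within(path: str, root: str) -> bool:
    """True if `path` equals `root` or lies below it, after normalising '..' segments."""
    path = os.path.normpath(path)
    root = os.path.normpath(root)
    return os.path.commonpath([path, root]) == root


def audit_htaccess(text: str, document_root: str, server_root: str) -> AuditResult:
    """Return whether the AuthUserFile named in `text` is reachable through the web root."""
    match = _AUTH_USER_FILE.search(text)
    if not match:
        return AuditResult(None, False, None,
                           ["no AuthUserFile directive: basic auth is not configured here"])

    raw = match.group(1)
    # Apache resolves a relative AuthUserFile against ServerRoot, not the
    # directory that holds the .htaccess file.
    resolved = os.path.normpath(raw if os.path.isabs(raw) else os.path.join(server_root, raw))

    if is_within(resolved, document_root):
        rel = os.path.relpath(resolved, os.path.normpath(document_root))
        url_path = "/" + rel.replace(os.sep, "/")
        return AuditResult(resolved, True, url_path, [
            f"AuthUserFile {resolved} is inside DocumentRoot {document_root}; "
            f"a request for {url_path} would return the credential file",
            "fix: move the file outside DocumentRoot and update AuthUserFile to the new path",
        ])

    return AuditResult(resolved, False, None,
                       [f"AuthUserFile {resolved} is outside DocumentRoot {document_root}"])


if __name__ == "__main__":
    for label, snippet in (("vulnerable", VULNERABLE_HTACCESS), ("fixed", FIXED_HTACCESS)):
        result = audit_htaccess(snippet, DOCUMENT_ROOT, SERVER_ROOT)
        print(f"[{label}] exposed={result.exposed}")
        for finding in result.findings:
            print("   -", finding)
```

Run against every .htaccess under a site's document root, the script reports the exact URL path that would leak the file, which is also the request a defender can check for in access logs when reviewing a suspected exposure.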
If a user directly accesses the link http://updates.cudasvc.com/admin/.htpasswd, he is able to disclose the passwords of all Barracuda Networks employees, such as Support, Sales, UK branch employees, update server users, engineers and more of those who have access to the basic authentication layer! [...]