Experts Find Filter Bypass Vulnerabilities in Barracuda Appliances

Softpedia – (International) Experts find filter bypass vulnerabilities in Barracuda appliances. Security researchers from Vulnerability Lab identified a serious security hole that could affect many companies that rely on Barracuda products. They discovered a high-severity validation filter and exception handling bypass vulnerability in Barracuda's appliances.

According to experts, the input filter designed to block persistent input attacks is flawed, exposing all security appliances. The vulnerable modules — Account MyResource Display and File Upload — persistently execute the saved URL path (which can be malicious code). The researchers said the flaw can be fixed by parsing the second input request of the "file upload" function and the path URL request.

To demonstrate their findings, the experts published a proof-of-concept video that shows how a local attacker can bypass the input filter in Barracuda SSL VPN to execute code persistently. Barracuda Networks was notified of the issues sometime in May, but it is uncertain when a patch will be made available.

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
