Unrated severityNVD Advisory· Published Mar 12, 2020· Updated Sep 17, 2024
LDAP Credential Exposure in Barracuda Load Balancer ADC
CVE-2019-5648
Description
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
Affected products
2<= v6.4+ 1 more
- (no CPE)range: <= v6.4
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.