CVE-2014-2595 – Barracuda Web Application Firewall - Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

It is possible to re-use a link which includes a non-expiring authentication token in the query string to gain access to the interface of the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013.

• https://www.exploit-db.com/exploits/39278
• http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html
• http://seclists.org/fulldisclosure/2014/Aug/5
• http://www.osvdb.org/109782
• https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004
• https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595
• https://www.securityfocus.com/bid/69028

• CWE-613: Insufficient Session Expiration