Vulnerabilities > CVE-2014-2595 - Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

barracuda

CWE-613

critical

exploit available

NVD

Published: 2020-02-12

Updated: 2020-02-20

Summary

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

Vulnerable Configurations

Part	Description	Count
Application	Barracuda Barracuda WEB Application Firewall 7.8.1.013	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Exploit-Db

description	Barracuda Web Application Firewall Authentication Bypass Vulnerability. CVE-2014-2595. Remote exploit for hardware platform
id	EDB-ID:39278
last seen	2016-02-04
modified	2014-08-04
published	2014-08-04
reporter	Nick Hayes
source	https://www.exploit-db.com/download/39278/
title	Barracuda Web Application Firewall Authentication Bypass Vulnerability

Packetstorm

data source	https://packetstormsecurity.com/files/download/127740/barracuda-bypass.txt
id	PACKETSTORM:127740
last seen	2016-12-05
published	2014-08-04
reporter	Nick Hayes
source	https://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html
title	Barracuda WAF Authentication Bypass

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References