Barracuda · Barracuda Load Balancer · CVE-2019-5648
**Name of the Vulnerable Software and Affected Versions**
Barracuda Load Balancer ADC versions prior to 6.4
**Description**
The issue allows an authenticated administrative user to modify the LDAP service configuration, potentially exposing LDAP credentials over the network by changing the LDAP server to an attacker-controlled system without requiring re-entry of LDAP credentials.
**Recommendations**
For versions prior to 6.4, update the firmware to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the LDAP service configuration to minimize the risk of exploitation.