Symantec has warned of a security flaw in its Veritas Backup Exec and NetBackup software products which might be exploited to bypass security restrictions. Hackers are actively exploiting the vulnerability, US-CERT warns.

The vulnerability arises due to the use of a static password when authenticating to a remote agent. This in turn might allow hackers to bypass the authentication process and download arbitrary files from a vulnerable system. Tricky but the availability of publicly available exploits make this process far easier. Users are advised to apply patches, where available, or else restrict access to the service over port 10000/TCP, the standard port for the Remote Agent. ®

Related stories

• Symantec to cleanse remote offices of tape demons (6 April 2006)
• Security flaws on the rise, questions remain (9 January 2006)
• Federal flaw database commits to grading system (4 December 2005)
• Symantec snaps up compliance specialist Sygate (17 August 2005)
• Merged Symantec takes time out to harmonise licensing (4 August 2005)
• Personal storage sites are a 'safe haven for hackers' (27 July 2005)
• Quocirca’s Changing Channels Security and backup for Small.biz (7 June 2005)