Original URL: http://www.theregister.co.uk/2005/08/18/veritas_security_snafu/

Mind your back-up

Veritas tells the hole truth

By John Leyden

Posted in Security, 18th August 2005 16:27 GMT

Symantec has warned of a security flaw in its Veritas Backup Exec and NetBackup software products which might be exploited to bypass security restrictions. Hackers are actively exploiting the vulnerability, US-CERT warns.

The vulnerability arises due to the use of a static password when authenticating to a remote agent. This in turn might allow hackers to bypass the authentication process and download arbitrary files from a vulnerable system. Doing so is tricky, but publicly available exploits make the process far easier. Users are advised to apply patches, where available, or else restrict access to the service over port 10000/TCP, the standard port for the Remote Agent. ®