Rapid7 Vulnerability & Exploit Database

VERITAS Backup Exec / NetBackup Static Password Vulnerability

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/12/2005
Created: 07/25/2018
Added: 01/14/2009
Modified: 02/13/2015

Description

VERITAS Backup Exec and NetBackup are affected by a remote access vulnerability that allows unauthorized access and the downloading of arbitrary files. During authentication between the agent and the server, an encrypted but static password is transferred; when properly manipulated, it can be leveraged to gain remote access to the application and download arbitrary files from and to the backup server.

Solution(s)

  • fix-ndmp-backup-exec-static-password
