Vulnerability Note VU#378957
VERITAS Backup Exec uses hard-coded authentication credentials
The VERITAS Backup Exec Remote Agent uses hard-coded authentication credentials. An attacker with knowledge of these credentials could access arbitrary files on a vulnerable system.
VERITAS Backup Exec Remote Agent is a data backup and recovery solution with support for over-the-network backup. The standard port for the Remote Agent is 10000/tcp. The VERITAS Backup Exec Remote Agent uses a hard-coded, encrypted root password. An attacker with knowledge of this password and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system. For more information, please refer to SYM05-011.
Note: According to public reports, this vulnerability is being actively exploited.
A remote attacker may be able to gain access to, and retrieve arbitrary files from, a target system.
Apply a security update
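A check that complements the update, as an added example that is not part of the original note: because the Remote Agent is reached on 10000/tcp, connections to that port from hosts other than the site's backup servers deserve review. The log format, the authorized-server address and the sample records below are constructed assumptions.

```python
import ipaddress

AGENT_PORT = 10000  # standard Remote Agent port named in the note
# Assumption: the site's legitimate backup (media) server addresses.
AUTHORIZED_SERVERS = frozenset({"10.0.5.10"})

# Constructed sample records, in an assumed whitespace-separated format:
# timestamp src_ip src_port dst_ip dst_port proto action
SAMPLE_LOG = """\
2005-08-13T02:00:01Z 10.0.5.10 49152 10.0.8.21 10000 tcp ALLOW
2005-08-13T03:14:07Z 192.0.2.77 40112 10.0.8.21 10000 tcp ALLOW
2005-08-13T03:14:09Z 192.0.2.77 40113 10.0.8.22 10000 tcp DENY
2005-08-13T03:15:00Z 10.0.7.4 51000 10.0.8.21 443 tcp ALLOW
malformed line
2005-08-13T04:00:00Z 198.51.100.9 50000 10.0.8.21 10000 udp ALLOW
"""

def parse_record(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, _sport, dst, dport, proto, action = parts
    try:
        src = str(ipaddress.ip_address(src))  # validate and normalise
        dst = str(ipaddress.ip_address(dst))
        dport = int(dport)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "dst": dst, "dport": dport,
            "proto": proto.lower(), "action": action.upper()}

def unauthorized_agent_connections(log_text, authorized=AUTHORIZED_SERVERS):
    """Count allowed/denied connections to the agent port per (src, dst)
    pair, ignoring sources on the authorized backup-server list."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != AGENT_PORT:
            continue
        if rec["src"] in authorized:
            continue
        counts = findings.setdefault((rec["src"], rec["dst"]),
                                     {"allowed": 0, "denied": 0})
        counts["allowed" if rec["action"] == "ALLOW" else "denied"] += 1
    return findings

if __name__ == "__main__":
    for (src, dst), c in sorted(unauthorized_agent_connections(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}:{AGENT_PORT} allowed={c['allowed']} denied={c['denied']}")
```

Pairs with a non-zero allowed count reached the agent and are the ones to investigate first.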
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Symantec, Inc. | Affected | 12 Aug 2005 | 22 Sep 2005 |
| Veritas Backup-Exec | Affected | - | 12 Aug 2005 |
This vulnerability was reported by Symantec.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2005-2611
- Date Public: 12 Aug 2005
- Date First Published: 12 Aug 2005
- Date Last Updated: 12 Jan 2007
- Severity Metric: 36.98
- Document Revision: 107