Problem
Passwords can appear in clear text on screen in the NetBackup Appliance Web Console (web console) after the following sequence of events:
- Set and save the settings on the Alerts & Notifications page, either during the initial configuration or when making changes afterwards.
- Navigate back to the Alerts & Notifications page, and then access the "Web Developer console" in Firefox.
This problem exists in all NetBackup Appliance software versions from 2.7.3 to 3.1.2.
Note: This issue does not exist on the NetBackup Appliance Shell Menu interfaces.
Error Message
There is no specific error message for this issue.
Cause
The settings flow for SMTP and Callhome Proxy does not mask the passwords in the HTML code. Even though the passwords are masked in the data input fields, the HTML code can be exploited by a user who can log in to the web console but does not have authorization to the SMTP and Proxy credentials.
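The condition described above can be checked for in any rendered settings page. The following is an added example, not Veritas code: it parses HTML and reports input fields that are password-like (by type or by name) and arrive with a populated value attribute. The sample markup, field names, values and name hints are constructed assumptions, not taken from the appliance.

```python
from html.parser import HTMLParser

# Hypothetical name fragments that suggest a field holds a secret.
SECRET_HINTS = ("pass", "pwd", "secret")

class PrefilledSecretFinder(HTMLParser):
    """Collect <input> elements that send a stored secret back to the browser."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        kind = a.get("type", "text").lower()
        name = a.get("name") or a.get("id") or "<unnamed>"
        looks_secret = kind == "password" or any(
            hint in name.lower() for hint in SECRET_HINTS)
        # Masking only changes how the field is drawn on screen; a non-empty
        # value attribute is still readable in page source and developer tools.
        if looks_secret and a.get("value", "").strip():
            self.findings.append((name, kind))

def find_prefilled_secrets(html):
    """Return (field name, input type) for each secret field with a value."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: saved credentials echoed into the form markup.
LEAKY_PAGE = """<form id="smtp">
  <input type="text" name="smtpServer" value="mail.example.com">
  <input type="password" name="smtpPassword" value="Constructed-Secret-1">
  <input type="hidden" name="proxyPassword" value="Constructed-Secret-2">
</form>"""

# Constructed sample: same form rendered without the stored secrets.
FIXED_PAGE = """<form id="smtp">
  <input type="text" name="smtpServer" value="mail.example.com">
  <input type="password" name="smtpPassword" value="" placeholder="unchanged">
  <input type="password" name="proxyPassword">
</form>"""

if __name__ == "__main__":
    print(find_prefilled_secrets(LEAKY_PAGE), find_prefilled_secrets(FIXED_PAGE))
```

A page that never returns stored credentials to the browser yields an empty list, which makes the check usable as a regression test after the fix is applied.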
Solution
2.7.3, 3.0, 3.1, 3.1.1 and 3.1.2.
The links to download the EEBs are posted on the following Veritas portal: https://sort.veritas.com/patch_dp
Download and install the appropriate EEB for your version based on the following EEB file names:
2.7.3: SYMC_NBAPP_EEB_ET3970911-2.7.3.0-1.x86_64.rpm
3.0: NBAPP_EEB_ET3969460-3.0.0.0-2.x86_64.rpm
3.1: NBAPP_EEB_ET3970081-3.1.0.0-1.x86_64.rpm
3.1.1: NBAPP_EEB_ET3970082-3.1.1.0-1.x86_64.rpm
3.1.2: NBAPP_EEB_ET3970083-3.1.2.0-1.x86_64.rpm
Before installing the EEBs, note the following:
- To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
- A reboot is not required after EEB installation.
- If you upgrade your appliance after installing this EEB, you must reinstall the EEB that is associated with the upgraded software version.
For instructions on installing EEBs, refer to article number 000076512 by clicking the Related Articles link on this page.
Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
- This vulnerability will be fixed in the next NetBackup Appliance software version after the 3.1.2 release.