System Recovery Security Patch
Article ID: 100051263
Description
Error Message
Sensitive Information Disclosure Vulnerability: Password Stored in Windows Registry
Cause
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry when a backup is configured. This vulnerability could allow a Windows user who has sufficient privileges to access a network file system which they were not authorized to access.
Resolution
Customers under a current maintenance contract can download and install application binaries which mitigate this vulnerability, as described below:
If you are on VSR 18:
- Ensure that your system has been updated to the latest service pack VSR 18 SP4, and
- Download the updated VProSvc.exe (Version: 18.0.4.57090) for your operating system
- Replace the VProSvc.exe on your server and clients with the updated version
If you are on VSR 21:
- Ensure that your system has been updated to the latest service pack VSR 21 SP3, and
- Download the updated VProSvc.exe (Version: 21.0.3.62140) for your operating system
- Replace the VProSvc.exe on your server and clients with the updated version
See the Veritas Download Center for available updates: https://www.veritas.com/support/en_US/downloads
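One way to confirm that the replacement took effect on each server and client, as an added example (not Veritas code): the PowerShell script below reads the file version of VProSvc.exe and compares it with the fixed versions listed above. The `-Path` value is supplied by the operator because this article does not state the install location, and the script assumes the version quoted in this article is the executable's file version.

```powershell
# Added example, not Veritas code. Fixed versions are taken from this article.
param(
    # Assumption: full path(s) to the installed VProSvc.exe; the article does not give it.
    [Parameter(Mandatory = $true)]
    [string[]]$Path
)

# Minimum fixed VProSvc.exe version per VSR major release (Resolution section).
$FixedVersions = @{
    18 = [version]'18.0.4.57090'
    21 = [version]'21.0.3.62140'
}

function Test-VProSvcVersion {
    param([version]$Installed)
    $fixed = $FixedVersions[$Installed.Major]
    if ($null -eq $fixed)      { return 'UnknownRelease' }  # not VSR 18 or 21
    if ($Installed -ge $fixed) { return 'Patched' }
    return 'NeedsUpdate'
}

foreach ($p in $Path) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
        [pscustomobject]@{ Path = $p; FileVersion = $null; Status = 'NotFound' }
        continue
    }

    # Build the version from the numeric parts; the FileVersion string can
    # carry extra text that does not parse as a [version].
    $vi = (Get-Item -LiteralPath $p).VersionInfo
    $installed = [version]::new(
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    [pscustomobject]@{
        Path        = $p
        FileVersion = $installed
        Status      = Test-VProSvcVersion -Installed $installed
    }
}
```

A `NeedsUpdate` result on a host means the service pack and binary replacement steps above still have to be completed there.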
Issue/Introduction
A Sensitive Information Disclosure Vulnerability has been found in Veritas System Recovery (VSR).