-
Title
SSL Vulnerabilities and NetVault Backup -
Description
Is NetVault Backup aware of the SSL vulnerabilities? How are these vulnerabilities being taken cared of? -
Resolution
WORKAROUND
None
STATUS
The following change request or bugs were raised and waiting for fix in a future release of NetVault Backup.1. For XSS (Cross site scripting):
Change request/Bug ID NVBU-17750 NVBU-17747 - Fixed in release v12.1
2.Insecure SSL/TLS renegotiation handshakes which were vulnerable to man-in-the-middle
No bug ID but is fixed in release v11.0
3.Medium strength, RC4 and IDEA based SSL cipher suites :
Change request/Bug ID NVBU-13464 - CVE-2013-2566 : TLS/SSL RC4 vulnerability - Fixed in release v10.0.5
4. Application allows its content to be embedded into untrusted site. This vulnerability is known as clickjacking.
Change request/Bug ID NVBU-13462 : Clickjacking Attack. - Fixed in release v11.0The latest version of NetVault Backup can be downloaded from the download page below:
https://support.quest.com/netvault-backup
-
Defect ID
30314, 26289, 30313 -
Additional Information
Some issues have been resolved. Please check Release Notes for specific issues.