AppAssure Product Notification

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide
Return
Vulnerability
Rapid Recovery and DL Series

TLS 1.0 security vulnerabilities are forcing numerous software products to upgrade to a newer, more secure TLS version that contains cryptographic protocol to reduce data security risk. The TLS 1.0 vulnerabilities affect both 5.x AppAssure-branded software versions of Rapid Recovery and DL series products 


How does this affect me?

If you are running a 5.x AppAssure-branded core, you may be vulnerable to the TLS 1.0 version security risk. 

On January 29, 2018, Quest will disable TLS 1.0 on the Rapid Recovery License Portal, at which point any existing 5.x AppAssure cores not on the latest build & patch of 5.4.3 will no longer be able to connect. Additionally, any AppAssure or Rapid Recovery cores running on Windows Vista or earlier OSs will no longer be able to connect to the License portal due to Microsoft TLS version limitations. When a core server is unable to connect to the license portal it will disable further backups from being created. Please note that you will still be able to perform restores from previously created backups. For more information on TLS, please refer to the ‘More Information’ section of this Microsoft Support Notification


Resolution

For customers using AppAssure 5.x and TLS 1.1 supported OS, upgrade to AA 5.4.3 and then you can either:

  1. Install the latest QDPP plugin (recommended) OR 
  2. Install the latest patch P-1812.

For customers unwilling or unable to upgrade, or using TLS non-supported OS’s please contact support for further information. 

NOTE: All RR 6.x builds rely on more advanced cryptology and therefore are not exposed to the related TLS 1.0 security vulnerability. 

Status

For more information on TLS 1.0 exposure when using AppAssure 5.X cores, please review the Knowledge Base article.

We apologize for the inconvenience this issue may cause for you in maintaining your backup environments. Quest is committed to protecting your data security and we will do everything we can to ensure that you are informed on any related product environmental security concerns and that you are protected to the highest known levels when relying on our products, even when cryptographic data transport protocol vulnerabilities like those in TLS 1.0 resides in code outside of our products directly.

Please note our Privacy Policy recently changed to support GDPR. You may read it here. Continuing to use our website indicates you have accepted the new policy.