VERITAS Backup Exec RestrictAnonymous Requirement SAM Information Disclosure
Local Access Required, Remote / Network Access
Loss of Confidentiality
Veritas Backup Exec contains a flaw that may lead to an unauthorized information disclosure. The product requires the "RestrictAnonymous" registry key to be set to 0, which allows anonymous listing of the SAM database and all associated shared folders and files, resulting in a loss of confidentiality.
Upgrade to version 8.6 or higher, as it has been reported to fix this vulnerability. Post upgrade, ensure that the "RestrictAnonymous" registry key is set to 1.
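One way to verify the post-upgrade setting on a host, as an added example that is not part of the original advisory or of any Veritas tooling. It assumes the value lives under the standard Windows LSA key (HKLM\SYSTEM\CurrentControlSet\Control\Lsa); the function names are hypothetical.

```powershell
# Added example: audit, and optionally correct, RestrictAnonymous after the upgrade.
# Assumption: the value is stored under the standard Windows LSA key below.
$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'RestrictAnonymous'
$Required  = 1   # the value the advisory says to set post upgrade

function Get-RestrictAnonymousState {
    # Read the value; a missing value is reported as non-compliant,
    # because nothing is then restricting anonymous enumeration.
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($null -eq $item) { $null } else { [int]$item.$ValueName }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        # 1 is what the advisory asks for; a stricter (higher) value also passes.
        Compliant = ($null -ne $current -and $current -ge $Required)
    }
}

function Set-RestrictAnonymousRequired {
    # Writes the required value. Needs an elevated session; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess("$LsaPath\$ValueName", "Set to $Required")) {
        Set-ItemProperty -Path $LsaPath -Name $ValueName -Value $Required -Type DWord
    }
}

$state = Get-RestrictAnonymousState
$state | Format-List

if (-not $state.Compliant) {
    Write-Warning "$ValueName is '$($state.Value)'; expected $Required or higher."
    # Uncomment to remediate once Backup Exec has been upgraded to 8.6 or higher:
    # Set-RestrictAnonymousRequired
}
```

Run the check only after the upgrade, since earlier versions depend on the value being 0.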