Preventing passwords from appearing in the NetBackup Appliance Web Console

Article: 100045024
Last Published: 2019-03-20
Ratings: 0 0
Product(s): Appliances


Passwords can appear in clear text on screen in the NetBackup Appliance Web Console (web console) after the following sequence of events:

  1. Set and save the settings on the Alerts & Notifications page, either during the initial configuration or when making changes afterwards.
  2. Navigate back to the Alerts & Notifications page, but then access the "Web Developer console" in Firefox.

This problem exists in all NetBackup Appliance software versions from 2.7.3 to 3.1.2.

Note: This issue does not exist on the NetBackup Appliance Shell Menu interfaces.

Error Message

 There is no specific error message for this issue.


The settings flow for SMTP and Callhome Proxy do not mask the passwords in the HTML code. Even though the passwords are masked in the data input fields, the HTML code can be exploited by a user that can log in to the web console and does not have authorization to the SMTP and Proxy credentials.


Emergency Engineering Binaries (EEBs) are available to fix this vulnerability on the following NetBackup Appliance releases:

 2.7.3, 3.0, 3.1, 3.1.1 and 3.1.2. 

The links to download the EEBs are posted on the following Veritas portal:

Download and install the appropriate EEB for your version based on the following EEB file names:

2.7.3: SYMC_NBAPP_EEB_ET3970911-

3.0: NBAPP_EEB_ET3969460-

3.1: NBAPP_EEB_ET3970081-

3.1.1: NBAPP_EEB_ET3970082-

3.1.2: NBAPP_EEB_ET3970083-

Before installing the EEBs, note the following:

  • To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
  • A reboot is not required after EEB installation.
  • If you upgrade your appliance after installing this EEB, you must reinstall the EEB that is associated with the upgraded software version.

For instructions on installing EEBs, refer to article number 000076512 by clicking the Related Articles link on this page.

Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.

  • This vulnerability will be fixed in the next NetBackup Appliance software version after the 3.1.2 release.

Was this content helpful?