Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SSR 2013 Password Protection

Created: 07 Jan 2014 | 3 comments
I have been evaluating a trial version and have created some password protected and encrypted backups.
 
If I double-click one of the .v2i files, I'm prompted to enter the password (as expected).
 
However, if I double-click the .sv21 file, the SSR 2013 Granular Restore Option window opens and I am able to recover the password protected and encrypted files WITHOUT being prompted for a password!!!
 
This is VERY disturbing! Can someone explain this?
 
Alan
 
Operating Systems:

Comments 3 CommentsJump to latest comment

Chris Riley's picture

I wonder if this is the issue you are seeing?

http://www.symantec.com/docs/TECH154882

To confirm this, delete the following file and try again to see if you are asked for a password when opening the sv2i file:

\Documents and Settings\All Users\Application Data\Symantec\RPAM\RPAM_Cache.dat

Gonad's picture

Chris,

That's exactly the problem I'm seeing and it looks like it's been known for several years!

It's a serious security issue for those of us with sensitive data to protect.

I can't believe that Symantec know about it and yet have done nothing to fix it.

BTW I can't find RPAM_Cache.dat anywhere.

Alan

Chris Riley's picture

You are right, this has been an issue for a few years now. I have raised this internally again but ultimately the decision to fix (or not) is out of my control.

One thing that is worth mentioning is this; my understanding is that the password is cached on a per-user basis. In other words, if user A logs in and provides the password, it gets cached. If user B logs into the same machine and tries to access the recovery point, they will be prompted for the password.

I don't know the exact scenario for your environment but maybe this makes it less of a security threat for you. Let me know if you have any additional questions or comments.

Chris