SSR 2013 Password Protection

I have been evaluating a trial version and have created some password protected and encrypted backups.
If I double-click one of the .v2i files, I'm prompted to enter the password (as expected).
However, if I double-click the .sv21 file, the SSR 2013 Granular Restore Option window opens and I am able to recover the password protected and encrypted files WITHOUT being prompted for a password!!!
This is VERY disturbing! Can someone explain this?
3 Replies

I wonder if this is the issue

I wonder if this is the issue you are seeing?


To confirm this, delete the following file and try again to see if you are asked for a password when opening the sv2i file:

\Documents and Settings\All Users\Application Data\Symantec\RPAM\RPAM_Cache.dat


Chris, That's exactly the

Chris, That's exactly the problem I'm seeing and it looks like it's been known for several years! It's a serious security issue for those of us with sensitive data to protect. I can't believe that Symantec know about it and yet have done nothing to fix it. BTW I can't find RPAM_Cache.dat anywhere. Alan

You are right, this has been

You are right, this has been an issue for a few years now. I have raised this internally again but ultimately the decision to fix (or not) is out of my control.

One thing that is worth mentioning is this; my understanding is that the password is cached on a per-user basis. In other words, if user A logs in and provides the password, it gets cached. If user B logs into the same machine and tries to access the recovery point, they will be prompted for the password.

I don't know the exact scenario for your environment but maybe this makes it less of a security threat for you. Let me know if you have any additional questions or comments.