N2WS-18738 - Password saved as plain text for Recovery Scenario target added via RestAPI

N2WS-18738 - Password saved as plain text for Recovery Scenario target added via RestAPI

Issue:

When creating Recovery Scenario(CPM v3.0 and up) and adding a backup target via Rest API, it will save the following details as plain text
  1. Proxy password for S3 instance recovery if used
  2. IAM AWS Secret Key when providing alternate Credential


Interim resolution until solution applied
  1. Delete the effected recovery target from the recovery scenario
  2. or remove the proxy details and configure matching S3 worker configuration

Solution:
Upgrade to v4.0


Click here to go back to the Release notes: Release notes for the latest v3.2.x CPM release

    • Related Articles

    • How to reset the password for the root/admin CPM user

      If you know the username of the root/admin user: You can follow the "upgrade" procedure in see chapter 1.3.5 "Upgrading the CPM Server Instance" in our User Guide at https://n2ws.gitbook.io/documentation/#1-3-5-upgrading-the-n-2-ws-server-instance ...
    • Troubleshooting File Level Recovery (FLR) 3.2

      Background: File-level recovery requires N2WS to launch temporary worker instance in the target region. The worker will read the snapshot directly or recover volumes in the background and attach them to a ‘worker’ instance launched for the operation. ...
    • EBS/RDS DR & Recovery with KMS key

      When copying cross account an EBS/RDS Volume encrypted with custom KMS,  A KMS key should also be available in the other account. There are 2 ways that CPM uses for checking KMS key - Alias & Tag   KMS Tag When using custom tag,  you are telling CPM ...
    • Recovery of an encrypted volume may fail: "Not authorized to use key"

      Performing a cross account recovery of an encrypted volume, or of an instance containing an encrypted volume may not work if the target account cannot access the encryption key from the source account. Error may appear in the CPM Server log as below: ...
    • A clarification about the "debian-sys-maint" vulnerability reported by AWS Marketplace

      You may have received an email from the AWS Marketplace indicating a possible vulnerability in Cloud Protection Manager. The content of that email is included at the bottom of this article.   IMPORTANT: Your data was not breached and is not in any ...