Solved

Credentials Store

  • 18 October 2021
  • 9 comments
  • 205 views

Userlevel 6
Badge +3

hi team 

can any you explain me where the veeam Credentials is store? 

if it's store in the sql database is the Credentials is encrypted? 

is it possible to recover Credentials from sql database? 

icon

Best answer by Mildur 18 October 2021, 13:05

View original

9 comments

Userlevel 5
Badge +1

And when you talk about recovery. The credentials stored in the SQL db are included in the VBR config Backup when it's encrypted and thus will be restored together with the rest of the config on a config restore.

Userlevel 7
Badge +4

The store is in the database.

If you are on the backup server, and you are logged in as an admin, you can decrypt every password.

Therefore, the backup server needs to be protected from any thread.

 

Example:

https://forums.veeam.com/post329685.html#p329685

 

Userlevel 7
Badge +5

Hi @Shaokat credentials are stored in the Veeam B&R configuration database and are encrypted with the machine-specific key.

Userlevel 6
Badge +3

one of my customer want to know about this. if any of an access my Credentials from database where my Credentials security? 

Userlevel 7
Badge +4

one of my customer want to know about this. if any of an access my Credentials from database where my Credentials security? 

There are accessible from everyone with admin permission on the backup server. Hackers and Insiders.

They can get all the passwords if they want in plain text after they decrypt them with the machine key.

Userlevel 7
Badge +5

As @Mildur said, yes if you can access to server you can.

Check this, maybe can help you:

https://forums.veeam.com/powershell-f26/pull-credentials-from-sql-database-t18467.html

Userlevel 7
Badge +5

one of my customer want to know about this. if any of an access my Credentials from database where my Credentials security? 

There are accessible from everyone with admin permission on the backup server. Hackers and Insiders.

They can get all the passwords if they want in plain text after they decrypt them with the machine key.

whoami

root

The two lines that define the end of games and IT security :joy:

Userlevel 7
Badge +5

@Shaokat have you solved?

Userlevel 7
Badge +7

my 2 cents here:

As already been said: it is essential to keep VBR server one of the the safest place in you network! When a bad guy enters the server, he has access to any credential stored in DB like:

  • vCenter user
  • Storage admin-accounts - most vendors just support admin-users when it comes to storage integration
  • Windows backup user(s)
  • probably privileged Linux user(s)

Good news: if you use single-use credentials for Hardened Repo server, at least this credential is not stored in DB! 

Comment