I was wondering where Veeam Agent stores it's credentials for accessing SMB shares and/or Veeam repository.
And additionally are those credentials cached in the LSA?
Background: If I setup a dedicated account for accessing a SMB share, will a malware/Trojan be able to read those credentials? Especially credentials in the LSA would be easy to lookup for any kind of malware.
-
Regnor
- VeeaMVP
- Posts: 1007
- Liked: 314 times
- Joined: Jan 31, 2011 11:17 am
- Full Name: Max
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31814
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Are credentials cached in LSA?
The credentials are stored in the same manner as in B&R - in the configuration database, encrypted via CryptoAPI with machine-specific key.
And yes, if malware/trojan (or hacker) somehow gets root access to the server, it will be able to read and decrypt those credentials as well.
And yes, if malware/trojan (or hacker) somehow gets root access to the server, it will be able to read and decrypt those credentials as well.
-
Regnor
- VeeaMVP
- Posts: 1007
- Liked: 314 times
- Joined: Jan 31, 2011 11:17 am
- Full Name: Max
- Contact:
Re: Are credentials cached in LSA?
Ok, I already thought that it was like this.
Thanks Anton.
Thanks Anton.
Who is online
Users browsing this forum: No registered users and 20 guests