Hi All,
Apologies if this has been raised before, or if I should raise a support ticket in this regard.
Given the nature of the question, I believe the forum would be a better place to ask this rather than raising a support ticket (happy to raise one if asked).
My IT Security team have raised a question as part of assessing the Veeam Infrastructure Hardening which I have been working on. I have included it below:
"It should be confirmed whether accounts with administrator privileges on Proxy servers are capable of intercepting credentials used to access virtual infrastructure servers."
Hopefully forum members or devs will be able to provide a response so I can provide my IT Security team with an answer.
-
- Influencer
- Posts: 14
- Liked: never
- Joined: Sep 08, 2017 1:26 am
- Full Name: William Pu
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
Re: Intercepting Credentials on the Proxy Servers
Hi William,
I would say the answer is NO. If an admin logs into the proxy, I don't see the possibility how he or she can intercept the credentials that are needed to access the virtual infrastructure or for the VMs when doing guest interaction operations. However, I can't give you a good reason for it at this moment, so let me talk to some folks in engineering to give you a better answer here. Note it might take some time before I have the answer.
Mike
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
Re: Intercepting Credentials on the Proxy Servers
Hi William,
Unfortunately I have a YES answer for you; it is even in our guide (Mea Culpa, I looked at it this morning and actually overlooked it).
Particularly, backup proxies must be considered the target for compromise. During backup, proxies obtain from the backup server credentials required to access virtual infrastructure servers. A person having administrator privileges on a backup proxy can intercept the credentials and use them to access the virtual infrastructure.
See: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
-
- Influencer
- Posts: 14
- Liked: never
- Joined: Sep 08, 2017 1:26 am
- Full Name: William Pu
Re: Intercepting Credentials on the Proxy Servers
Thank you for such a prompt reply Mike.
Are there specific methods (like MITM) which are known ways to exploit this?
I'm currently in the middle of implementing security hardening on a Veeam instance right now, so any information on how the exploits can be performed are identified, and procedures created to mitigate the associated risks.
-
- Chief Product Officer
- Posts: 31806
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
Re: Intercepting Credentials on the Proxy Servers
By injecting into the proxy process and intercepting credentials as they are passed to the hypervisor host? There's really nothing a user with local administrator privileges could not do - any credentials any app (or the OS itself) needs to work with can be intercepted. Because no matter how well they are protected at rest, they need to be decrypted before they are actually used. And at this very moment, they can be intercepted.
This is exactly why it is so important to have local administrator privileges to yourself on any computer. There's nothing root cannot do, on any OS.
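Added example (not part of the thread and not Veeam tooling): since the exposure described above comes down to who holds local administrator rights on each backup proxy, one hardening check is to compare every proxy's local Administrators group against an approved list. The host names, account names and the approved list are constructed placeholders, and the script assumes PowerShell remoting (WinRM) is enabled on the proxies.

```powershell
# Added example, not from the thread. Host and account names are constructed placeholders.
$ProxyServers   = @('PROXY01.example.local', 'PROXY02.example.local')
# Approved holders of local admin rights; '.\' marks an account local to the proxy itself.
$ApprovedAdmins = @('.\Administrator', 'EXAMPLE\Backup-Infra-Admins')

$findings = foreach ($server in $ProxyServers) {
    try {
        # Assumption: PowerShell remoting (WinRM) is enabled on the proxies.
        $members = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            # Rewrite "COMPUTERNAME\user" as ".\user" so one list fits every proxy.
            $prefix = '^' + [regex]::Escape($env:COMPUTERNAME) + '\\'
            # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
            # so the lookup does not depend on the OS display language.
            Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
                [pscustomobject]@{
                    Name   = $_.Name -replace $prefix, '.\'
                    Class  = [string]$_.ObjectClass
                    Source = [string]$_.PrincipalSource
                }
            }
        }
    } catch {
        # A proxy that cannot be queried is itself a finding: its admin set is unverified.
        [pscustomobject]@{ Server = $server; Member = '(query failed)'; Class = ''
                           Source = ''; Note = $_.Exception.Message }
        continue
    }
    foreach ($m in $members) {
        if ($m.Name -notin $ApprovedAdmins) {
            [pscustomobject]@{ Server = $server; Member = $m.Name; Class = $m.Class
                               Source = $m.Source; Note = 'not on approved list' }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'All proxies: local Administrators match the approved list.'
}
```

A member whose class is Group grants local administrator rights to everyone inside that group, so the membership of each approved group needs its own review.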