2024-12-04 01:06:04
hackerone
PUBLISHED
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attackers side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.