I was testing VMware Data Recovery and I found something that may lead to a security leak.

Basically, my VMware Data Recovery configuration is mounted on Linux Samba network shares at “\\xx.xx.xx.44\oper” and “\\xx.xx.xx.44\share”, as you can see below.

VDR Network Share


Without any further changes made on the VDR appliance box, I can easily log in with the default user ID root, followed by the standard Linux command mount, and I can find the network share password displayed on the screen, which means the password is disclosed here.

VMware Data Recovery Mount

Personally, I do not think this is the best way, for security reasons, and I would suggest VMware engineers make changes accordingly. Please correct me if I’m wrong.
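An audit check for the exposure described above, added here as an example and not part of the original post or of VMware's appliance: it scans mount-table text for CIFS/SMB entries whose option string carries a password and prints them with the value redacted. The sample lines, addresses, mount points and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CIFS/SMB mounts whose options expose a password.
# Reads mount-table text on stdin in either layout:
#   mount(8) output : "device on mountpoint type fstype (options)"
#   mtab layout     : "device mountpoint fstype options dump pass"
# Limitation: a password that itself contains a comma is only partly matched.

# Prints "mountpoint<TAB>options" with the password value redacted.
find_exposed_cifs() {
    awk '
    {
        if ($2 == "on" && $4 == "type") { mp = $3; fs = $5; opts = $6 }
        else                            { mp = $2; fs = $3; opts = $4 }
        if (fs != "cifs" && fs != "smbfs") next
        gsub(/[()]/, "", opts)
        n = split(opts, o, ",")
        hit = 0; out = ""
        for (i = 1; i <= n; i++) {
            # mount.cifs accepts both password= and the short form pass=
            if (o[i] ~ /^(password|pass)=/) {
                sub(/=.*/, "=<redacted>", o[i]); hit = 1
            }
            out = out (i > 1 ? "," : "") o[i]
        }
        if (hit) printf "%s\t%s\n", mp, out
    }'
}

# Constructed sample: one share mounted with an inline password, one mounted
# with a credentials= file, which keeps the secret out of the option string.
sample_mount_output() {
cat <<'EOF'
/dev/sda1 on / type ext3 (rw)
//192.0.2.44/oper on /mnt/oper type cifs (rw,username=backup,password=EXAMPLE-ONLY)
//192.0.2.44/share on /mnt/share type cifs (rw,credentials=/root/.smbcred)
EOF
}

sample_mount_output | find_exposed_cifs
```

On a live system the same function can be fed with `mount | find_exposed_cifs`; any line it prints is a share whose password is readable by whoever can view the mount table.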