This article highlights a security-related issue in Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.99 that may allow a user accessing the Veeam Backup & Replication server to obtain the administrator credentials of the Veeam Backup for Microsoft Azure backup appliance, potentially allowing an attacker to gain access to the Veeam Backup for Microsoft Azure appliance.
This issue explicitly affects any environment where an existing deployment of Veeam Backup for Microsoft Azure was upgraded to version 5a while using Microsoft Azure Plug-In for Veeam Backup & Replication version 12.1.5.99. During the appliance upgrade process, administrator credentials were requested to update the Veeam Backup for Microsoft Azure backup appliance's operating system from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS. That Veeam Backup for Microsoft Azure backup appliance administrator password was stored in the Updater log file: C:\ProgramData\Veeam\Backup\Plugins\Microsoft Azure\Logs\<backup_appliance_name>\Veeam.Azure.Updater.
To address this issue, Veeam has released a new build of Microsoft Azure Plug-In for Veeam Backup & Replication.
It is advised to install this update as soon as possible.
Issue fixed starting in: Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.106
When version 12.1.5.106 of the Plug-In is installed, the Plug-In will replace the backup appliance administrator password in the existing updater log files with asterisks (*). During future update procedures, the Plug-In will log only asterisks (*) instead of the actual Veeam Backup for Microsoft Azure backup appliance administrator password.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case