CyberSecurityBoard
Sponsor Register Login

Veeam Recovery Orchestrator users locked out after MFA rollout

Veeam is also investigating a known issue that causes connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. While the root cause is not yet known, Veeam believes that the most likely cause is a change within the KB5051987 Windows 11 February update. Veeam Recovery Orchestrator (VRO) is an automated disaster recovery and orchestration solution that helps organizations automate, document, test, and execute recovery plans in the event of disasters such as data loss, site failures, or ransomware attacks. As the company explained in March when it acknowledged this bug, on affected systems, the Veeam Agent for Windows will display network connection failures when attempting to restore files from a Veeam Backup & Replication backup server or an SMB network share. Veeam warned customers today that a recently released version of Recovery Orchestrator blocks Web UI logins after enabling multi-factor authentication (MFA). An issue was discovered in Veeam Recovery Orchestrator build 7.2.1.286 that can causes a lockout of the UI when MFA is enabled." Veeam explains. "After enabling MFA within Veeam Recovery Orchestrator, attempting to login to the Web UI is no longer possible.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 21 Jul 2025 15:30:17 +0000


Cyber News related to Veeam Recovery Orchestrator users locked out after MFA rollout

Veeam Recovery Orchestrator users locked out after MFA rollout - Veeam is also investigating a known issue that causes connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. While the root cause is not yet known, Veeam believes that the most likely cause is a change within the ...
5 days ago Bleepingcomputer.com
Veeam warns of critical bugs in Veeam ONE monitoring platform - Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws ...
1 year ago Bleepingcomputer.com CVE-2023-38547 CVE-2023-38549 CVE-2023-41723 FIN7 Cuba
What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
1 year ago Techtarget.com
Veeam Data Platform 23H2 update enhances resilience against ransomware - 1 release as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of new features and enhancements designed to not only protect enterprises' most critical ...
1 year ago Helpnetsecurity.com
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
1 year ago Securityboulevard.com
Veeam RCE bug lets domain users hack backup servers, patch now - Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. Ransomware gangs have told BleepingComputer in the past that Veeam ...
4 months ago Bleepingcomputer.com CVE-2025-23120
Windows 11 24H2 Update Breaks Connection to the Veeam Backup Server - For organizations planning recovery operations with Veeam in a Windows 11 environment, creating recovery media on computers running Windows 11 builds earlier than 26100.3194 is advisable until a permanent solution is available. Veeam advises ...
4 months ago Cybersecuritynews.com
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
1 year ago Bleepingcomputer.com Black Basta
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
1 year ago Securityboulevard.com
Windows 11 update breaks Veeam recovery, causes connection errors - ​As a temporary workaround, while Microsoft and Veeam are currently investigating this known issue and looking for a fix, users impacted by this issue are advised to recover their computer or data using Veeam Recovery Media generated from a ...
4 months ago Bleepingcomputer.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
Business Data Backup and Recovery Planning - Data backup and recovery planning is essential in today's interconnected and data-driven business landscape. By understanding the significance of data backup and recovery planning, businesses can effectively protect their critical information and ...
1 year ago Securityzap.com
CVE-2022-43519 - Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. ...
2 years ago
CVE-2022-43522 - Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. ...
2 years ago
CVE-2022-43521 - Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. ...
2 years ago
CVE-2022-43520 - Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. ...
2 years ago
CVE-2022-43523 - Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. ...
2 years ago
Microsoft will roll out MFA-enforcing policies for admin portal access - Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. The company will also ...
1 year ago Bleepingcomputer.com
CVE-2022-43528 - Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and ...
1 year ago
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies - Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. Rather than simply creating fake landing ...
2 months ago Cybersecuritynews.com
CVE-2022-43529 - A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this ...
2 years ago
Android 14's user-profile data bug seems indistinguishable from ransomware - Roid 14 has a nasty storage bug that seems to be affecting users of the "Multiple profiles" feature. The bug is about as bad as you can get, with users having "Unusable" devices due to getting locked out of device storage. A few users are likening ...
1 year ago Arstechnica.com
CVE-2022-44535 - A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an ...
2 years ago
CVE-2022-44534 - A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)