The VMware vSphere Data Protection (VDP) appliance is based on the EMC Avamar solution. To perform an in-depth analysis of VDP, a virtual test appliance of EMC Avamar was downloaded. Known Avamar default credentials did work fine on the Avamar appliance, but were not valid to log into the vSphere Data Protection. Further file system objects in the EMC Avamar appliance were analyzed, leading to the interesting detection of a private SSH key belonging to the admin user.
A web search did reveal that the corresponding password for the SSH key file is ‘P3t3rPan’ (see http://judsonian.com/content/licensing-an-avamar-system/). Using the SSH key file a login as admin to the VMware Data Protection was successful and did grant root permissions on the appliance.
11.08.2016 report of vulnerability to VMware Security Response team