Skip to main content
commvault.com commvault.com

CommCell Security

  • October 8, 2025
  • 3 replies
  • 44 views
A
Novice
Forum|alt.badge.img+8

Hi all,

I have disabled SSO on my CommCell and created local CV accounts.

I have enabled CV MFA for these user accounts and restricted master group access to a few users.

In the event of a cyber attack I have create an admin (master group) account with no MFA. This account has a crazy long password and will not be used for day to day activities.

My question here is how safe is this account ? and is there a way to secured it with MFA, where MFA will work when I have no email / internet access for ?

Thanks  

3 replies

Scott Moseman
Vaulter
Forum|alt.badge.img+22

To be clear, you do not need email for MFA.  You can use common PIN generating apps.  Google and Microsoft are mentioned, but any app following RFC 6238 will work.  e.g. Cisco Duo, etc.

https://documentation.commvault.com/11.40/software/pin_generating_tools.html

If you stay with the password, I have seen customers use a password check-out system where 2 people each check out their half of the password.  Any actions are taken with both present and then they log off the account.  No single person has access to the full admin password.

Thanks,
Scott
 

Commvault Enterprise Success
A
Novice
Forum|alt.badge.img+8
  • atitagainNovice
  • Author
  • Novice
  • October 8, 2025

@Scott Moseman thanks for your reply. If I was to restore my CS in a dark site after a Cyber attack I don't think the build in MFA codes will work, this is why I have a break glass account. 

 

My fear is can this account can be compromised via SQL queries etc

Scott Moseman
Vaulter
Forum|alt.badge.img+22

My fear is can this account can be compromised via SQL queries etc


The local accounts are stored in the database so, technically, yes they could be compromised by someone with the right SQL access.  Although if someone has SQL access they would have the ability to compromise a more than just the local accounts.

There are some suggestions for hardening the SQL Server:

https://documentation.commvault.com/11.40/commcell-console/securing_commserve_computer.html

Thanks,
Scott
 

Commvault Enterprise Success
Terms & ConditionsCookie settingsAccessibility statement