Reputation: 5666
Accessing unencrypted H2 database without credential knowledge
We are cleaning up servers for a customer and have stumbled upon an old application using an H2 database. While the accessing applications have credentials in their configuration files, none of them seem to work.
Even the "sa" user access is not known. As far as I can see, the password for "sa" defaults to an empty string, but access with "sa"/"" is denied (Wrong user name or password [28000-182] 28000/28000 (Help)).
As said, the database is not encrypted. Looking at the file, I can see the SQL statements for the tables, even some table contents.
Is there any way to gain access to that database? As far as my searches have shown it's only possible using the "sa" user. I'm looking for something along the lines of "--skip-grant-tables" from MySQL.
Upvotes: 0
Views: 324
Answers (1)
Reputation: 50097
The easiest solution is probably:
- Try to login to the database without password. This will fail (wrong user name or password), but it will run transaction log recovery so that the database is in a consistent state.
- Then, use the Recover tool (
org.h2.tools.Recover) to generate a SQL script. - Edit the script: Change the password for the default user.
- Run the script. That way you get a new database.
Upvotes: 2
Related Questions
- Invalid username/password when accessing Keycloak's H2 database
- Create a user that can connect to the database in H2
- What is the default username and password for h2 when there's nothing explicit in JDBC?
- connecting to H2 database
- Access encrypted database from H2 console
- How to connect to H2 database from Java & H2 DB
- Do (H2) database passwords protect when attacker has access to local files?
- Connect to h2 database
- H2 database HTTPS connection
- H2 console access for databases other than h2