The following components of VirtualBox can use passwords for authentication:
When using the VirtualBox extension pack provided by Oracle for VRDP remote desktop support, you can optionally use various methods to configure RDP authentication. The "null" method is very insecure and should be avoided in a public network. See Section 7.1.5, “RDP authentication” for details.
When using teleporting, passwords can optionally be used to protect a machine waiting to be teleported from unauthorized access. Note however that these passwords are stored unencrypted in the machine configuration XML and therefore potentially readable on the host. See Section 7.2, “Teleporting” and Section 8.7.5, “Teleporting settings”.
When using remote iSCSI storage and the storage server
requires authentication, a password can optionally be supplied with
the VBoxManage storageattach
command. Note however that this is stored unencrypted in the machine configuration and
is therefore potentially readable on the host. See Section 5.10, “iSCSI servers” and Section 8.16, “VBoxManage storageattach”.
When using the VirtualBox web service to control a VirtualBox host remotely, connections to the web service are authenticated in various ways. This is described in detail in the VirtualBox Software Development Kit (SDK) reference; please see Chapter 11, VirtualBox programming interfaces.