Besides gaining local admin on vCenter, what other path can lead to obtaining the data.mdb file?

An attacker can acquire the `data.mdb` file from vCenter backup files. If backups are leaked, the same technique can extract the IdP certificate, create a SAML request, and gain admin access to the VCSA management panel. This enables interaction with managed virtual machines and can be combined with methods like the one described in vSphere Development Guide 5 - LDAP for adding administrator users.