How are user passwords stored in Server Backup Manager, and where can I extract the user database file?

Passwords are hashed using SHA-1 and then Base64‑encoded, as seen in the `PasswordEncoder.class` located in `/usr/sbin/r1soft/lib/cdpserver.jar`. The user database is stored in an HSQLDB file at `/usr/sbin/r1soft/database/r1softDB.script`, which contains user entries in plain text (with the encoded password). This database path is derived from the `server.conf` configuration file. More details are in the Server Backup Manager Vulnerability Debugging Environment Setup article.