VMware Cloud Community
nirvy
Commander

ESXi 4.1 authentication bug?

Hi all

It seems that authentication only requires the first 8 characters to be correct. My root password is 11 characters long, but so long as the first 8 characters are correct, I can put whatever I like after that and it still authenticates me. Tested this on three ESXi boxes, all running 260247 (release).

It works (so far) on Local tech support login, and when adding host to vCenter inventory. Have not tested with ESX.

Is this normal?

25 Replies
maishsk
Expert

No I did not

Maish - VCP - vExpert 2010

VMware Communities User Moderator

Virtualization Architect & Systems Administrator

Twitter

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design
jordan57
Enthusiast

I installed a copy of build 260247 in Workstation with a 10 digit password. I can reproduce the same results.

As long as the first 8 characters are correct I can enter only the 8 or anything after the 8 and it will accept it and log me in.

VMware VCP - Consider awarding points for "helpful" and/or "correct" answers.

Blog: http://www.virtualizetips.com Twitter = @bsuhr
pironet
Enthusiast

I confirm the issue with ESXi4.1.0 fresh or upgrade from ESXi4.0.

The workaround would be:

1- vi /etc/pam.d/system-auth and change this line accordingly:

password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok md5 shadow

save and exit the file with :wq!

2- change your password in DCUI,

3- verify that it has encrypted your root’s password using MD5 algorithm: cat /etc/shadow <- If root’s password hash starts with a ‘$1$’ then MD5 algorithm was used.

N.B. Don't do that in a production environment!

Read more at deinoscloud.wordpress.com






I wish I was a virtual machine :) http://deinoscloud.wordpress.com
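Step 3 of the workaround above, written as a repeatable check (an added example, not part of the original posts): it reads shadow-format lines on stdin, classifies each hash by its crypt(3) prefix, and flags 13-character traditional DES crypt hashes, a format that uses only the first 8 password characters. It goes slightly beyond the `$1$` check in the post by also recognising the `$5$` and `$6$` prefixes; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which crypt(3) scheme each account's hash uses.
# Usage on a host:  audit_shadow < /etc/shadow

# classify_hash HASH -> prints one word naming the scheme
classify_hash() {
    case "$1" in
        '')           echo empty ;;      # no password set
        '*'|'!'*|x)   echo locked ;;     # no usable password hash
        '$1$'*)       echo md5 ;;        # what step 3 of the workaround expects
        '$5$'*)       echo sha256 ;;
        '$6$'*)       echo sha512 ;;
        '$'*)         echo other ;;
        *)  # Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z].
            # Password characters after the 8th never reach this hash.
            case "$1" in
                *[!./0-9A-Za-z]*) echo unknown ;;
                *) if [ "${#1}" -eq 13 ]; then echo des-8char
                   else echo unknown; fi ;;
            esac ;;
    esac
}

# audit_shadow: reads shadow-format lines on stdin, prints "user scheme"
# per account, returns 1 if any account still has an 8-character-limited hash.
audit_shadow() {
    rc=0
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        echo "$user $scheme"
        if [ "$scheme" = des-8char ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:abCDEFGHIJKLM:14000:0:99999:7:::
admin:$1$examples$AAAAAAAAAAAAAAAAAAAAAA:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow || echo "8-character-limited hash present"
```

An account only moves from `des-8char` to `md5` after its password is changed again, which is why step 2 follows the PAM edit.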
AlbertWT
Virtuoso

Thanks for sharing the tips on how to make it secure. However, may I know why you're suggesting "Don't do that in a production environment"?

/* Please feel free to provide any comments or input you may have. */
Dave_Mishchenko
Immortal

In general, when you access tech support mode you should do so under the guidance of VMware support. For this issue the "supported" change is documented here - http://kb.vmware.com/kb/1024500.




Dave

VMware Communities User Moderator

Now available - vSphere Quick Start Guide

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.

maishsk
Expert

Patch was released today

New Patch released - VMSA-2010-0016
Maish

VMware Communities User Moderator

- @maishsk

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design