Solved: ESXi 4.1 password bug

jason_farrow · ‎02-18-2011

I have found a new bug with ESXi's use of passwords.

I have a number of ESX servers which all have root passwords along this format r00t4TST11 where the last two didgets increment for the ESX server (ESX11, ESX12, ESX13 etc).

It does not matter what password I use provided the first part of the password is OK eg: r00t4TST99 will work just as well as r00t4TST11 for host ESX11.

I can even login with just r00t4TST with no numbers on the end. Adding more numbers fails the login.

Clearly this is something to do with the hashing algorithm but it should be taking all the letters and numbers into account.

Any one else seen this?

Troy_Clavell · ‎02-18-2011

see below

http://www.virtuallyghetto.com/2010/07/esxi-41-major-security-issue.html

View solution in original post

Troy_Clavell · ‎02-18-2011

see below

http://www.virtuallyghetto.com/2010/07/esxi-41-major-security-issue.html

jason_farrow · ‎02-18-2011

Oh well, just six months behind the times...<sigh>

a_p_ · ‎02-18-2011

Take a look at KB article http://kb.vmware.com/kb/1024500 for a workaround or update to the latest version.

André

All

ESXi 4.1 password bug