mikebuffalo
Contributor
Contributor

Data exposure in logs, crash dumps, coredump

Jump to solution

I could not answer this question.

Is there a condition where VMware logs, crash dumps, coredumps,...  may contain sensitive or protected data?   

The concern is that Protected Health Information  (ePHI  HIPAA); research data or any data from the VM would be in the any diagnostic information sent to VM support.

Thanks

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal

To my knowledge, there are no conditions which could result in in-guest data (i.e., data contained within a virtual machine's environment) being output to ESXi or vCenter logs, or core dumps. However, you asked about them containing "sensitive or protected data" and to that the answer could be yes depending on what you consider "sensitive" and "protected". For example, when using VM encryption, core dumps could contain the encryption keys used by ESXi to decrypt data. This would be considered protected information in many circumstances. So, again, it depends on your definition of those terms.

View solution in original post

0 Kudos
1 Reply
daphnissov
Immortal
Immortal

To my knowledge, there are no conditions which could result in in-guest data (i.e., data contained within a virtual machine's environment) being output to ESXi or vCenter logs, or core dumps. However, you asked about them containing "sensitive or protected data" and to that the answer could be yes depending on what you consider "sensitive" and "protected". For example, when using VM encryption, core dumps could contain the encryption keys used by ESXi to decrypt data. This would be considered protected information in many circumstances. So, again, it depends on your definition of those terms.

View solution in original post

0 Kudos