Question says it all. Ovftool installation puts the ESXi root username and password in cleartext available in the process list of the machine it is running on.
Thanks in Advance
-Greg
Hi @goliver , have you by any chance created a support request for this issue? I would like to report it internally and having an SR number would make it easier. Thanks.
I just tried to replicate this, but I am not sure where you are seeing the username/password, as I didn't see it. But I could be looking at the wrong thing. Can you either create an SR and provide the number, or provide a screenshot and steps of how to reproduce this?
The steps are:
Use the lin64 installer for vCenter. Once it asks you for the esxi host user/pass and sizing parameters, run:
ps auwwxf
you will see ovftool listed with the user and pass in cleartext on the machine you are running lin64 from. Fairly simple ![]()
Also, that process list is readable by any user on the system, nit just the user running the install ![]()
thanks, I tested it on windows but hadn't noticed it. Let me try to repro on Linux then.
