<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: lockdown mode and DCUI in ESXi Discussions</title>
    <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910618#M281846</link>
    <description>&lt;P&gt;Hi, all&lt;/P&gt;&lt;P&gt;In a ESXI Host with Lockdown Mode enabled (Normal or Restrict Mode), is it possible to someone restart the server and access ESXi Shell using a "Safe Mode" or something like that? My point is: a malicious user could break Lockdown Mode security restarting the ESXi host?&lt;/P&gt;&lt;P&gt;Regards.&amp;nbsp;&lt;/P&gt;&lt;P&gt;Valter Junior&lt;/P&gt;</description>
    <pubDate>Mon, 23 May 2022 13:43:28 GMT</pubDate>
    <dc:creator>vesej</dc:creator>
    <dc:date>2022-05-23T13:43:28Z</dc:date>
    <item>
      <title>lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306433#M118437</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Can anyone give me a beginners guide to the risks associate with:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1) Not enabling lockdown mode on hosts&lt;/P&gt;&lt;P&gt;2) Not disabling DCUI on hosts&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am relatively new to vmware but as I work in risk these findings have been raised in a security healthcheck, I wanted some expert input into just how dangerous these findings are - perhaps in the context of whether they expose the data on the guests residing on those hosts? Please keep answers pretty basic.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 21 Oct 2013 09:01:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306433#M118437</guid>
      <dc:creator>cb122</dc:creator>
      <dc:date>2013-10-21T09:01:53Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306434#M118438</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;SPAN&gt;If you enable or disable lockdown mode using the Direct Console User Interface, permissions for users and groups on the host are discarded. To preserve these permissions, you must enable and disable lockdown mode using the vSphere Client connected to vCenter Server. Procedure 1At the Direct Console User Interface of the host, press F2 and log in. 2Scroll to the Configure Lockdown Mode setting and press Enter. 3Press Esc until you return to the main menu of the Direct Console User Interface. also this is link &lt;/SPAN&gt;&lt;A class="jive-link-external-small" href="http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html"&gt;http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 21 Oct 2013 09:26:32 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306434#M118438</guid>
      <dc:creator>admin</dc:creator>
      <dc:date>2013-10-21T09:26:32Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306435#M118439</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;1) Not enabling lockdown mode on hosts&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px;"&gt;To increase the security of your ESXi hosts, you can put them in Lockdown mode.&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN style="color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px;"&gt;When Lockdown is enabled even when your ESXi hosts credentials are exposed to anyone, then who has permission on the vCenter server where the ESXI is locked-down to, only he will have the permissio to perform any task upon your ESXI host.&lt;/SPAN&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px;"&gt;Which means if its not enabled whoever has the access to your ESXi host can manipulate the VMS hosted on it. &lt;BR /&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;BLOCKQUOTE&gt;
&lt;P&gt;2) Not disabling DCUI on hosts&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px;"&gt;When you enable this service while running in Lockdown mode, you can log in locally to the DCUI as the root user and disable Lockdown mode.&lt;/SPAN&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN style="color: #666666; font-family: Arial, Helvetica, sans-serif, 'Bitstream Vera Sans'; font-size: 12px;"&gt;This is threat if the root user credentials are exposed to any non-authoritative person.&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;~dGeorgey&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 21 Oct 2013 09:30:35 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/1306435#M118439</guid>
      <dc:creator>admin</dc:creator>
      <dc:date>2013-10-21T09:30:35Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910618#M281846</link>
      <description>&lt;P&gt;Hi, all&lt;/P&gt;&lt;P&gt;In a ESXI Host with Lockdown Mode enabled (Normal or Restrict Mode), is it possible to someone restart the server and access ESXi Shell using a "Safe Mode" or something like that? My point is: a malicious user could break Lockdown Mode security restarting the ESXi host?&lt;/P&gt;&lt;P&gt;Regards.&amp;nbsp;&lt;/P&gt;&lt;P&gt;Valter Junior&lt;/P&gt;</description>
      <pubDate>Mon, 23 May 2022 13:43:28 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910618#M281846</guid>
      <dc:creator>vesej</dc:creator>
      <dc:date>2022-05-23T13:43:28Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910638#M281849</link>
      <description>&lt;P&gt;What version of ESXi?&lt;/P&gt;</description>
      <pubDate>Mon, 23 May 2022 15:03:12 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910638#M281849</guid>
      <dc:creator>mbufkin</dc:creator>
      <dc:date>2022-05-23T15:03:12Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910640#M281850</link>
      <description>&lt;P&gt;I would expect that without the root password you could not change lockdown mode.&lt;/P&gt;&lt;P&gt;More info from VMware:&amp;nbsp;&lt;A href="https://kb.vmware.com/s/article/1008077" target="_blank" rel="noopener"&gt;https://kb.vmware.com/s/article/1008077&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 23 May 2022 15:05:41 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910640#M281850</guid>
      <dc:creator>mbufkin</dc:creator>
      <dc:date>2022-05-23T15:05:41Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910671#M281853</link>
      <description>&lt;P&gt;Some Linux distros allows an administrator to recover the root password editing the bootloader machine. So, if an administrator do that, it can disable Lockdown Mode?&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 23 May 2022 16:55:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910671#M281853</guid>
      <dc:creator>vesej</dc:creator>
      <dc:date>2022-05-23T16:55:53Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910904#M281891</link>
      <description>&lt;P&gt;Version 7 Update 3.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;</description>
      <pubDate>Tue, 24 May 2022 17:19:31 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2910904#M281891</guid>
      <dc:creator>vesej</dc:creator>
      <dc:date>2022-05-24T17:19:31Z</dc:date>
    </item>
    <item>
      <title>Re: lockdown mode and DCUI</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2911311#M281935</link>
      <description>&lt;P&gt;Thanks for sharing this data guys this is great information&lt;/P&gt;</description>
      <pubDate>Thu, 26 May 2022 14:27:27 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/lockdown-mode-and-DCUI/m-p/2911311#M281935</guid>
      <dc:creator>mburger</dc:creator>
      <dc:date>2022-05-26T14:27:27Z</dc:date>
    </item>
  </channel>
</rss>

