Virtualization Forums

Password flaw in ESXi 4.1

Password flaw in ESXi 4.1 - 19.Jul.2010 12:22:39 PM   
JustinC71

 

Posts: 36
Joined: 29.Jun.2010
From: VA
Status: offline
Read this link before upgrading to ESXi 4.1, especially if you are in any kind of high security environment.  The full ESX 4.1 version is unaffected.

http://www.virtuallyghetto.com/2010/07/esxi-41-major-security-issue.html

Cliffs:
"It seems that authentication only requires the first 8 characters to be correct. My root password is 11 characters long, but so long as the first 8 characters are correct, I can put whatever I like after that and it still authenticates me."

Edit:  Both ESX and ESXi are affected!

< Message edited by JustinC71 -- 22.Jul.2010 8:18:06 AM >


_____________________________

-Justin, VCP 3/4, MCSE
Post #: 1
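A defender's check for the behaviour quoted above, as an added example that is not part of the original post or of the linked articles: traditional DES-based crypt(3) hashes use only the first 8 characters of a password, so, assuming that is the mechanism behind this flaw (the thread does not say), accounts whose shadow hash field is in that 13-character format are the ones to review. The shadow-format lines, account names and hash strings below are constructed placeholders.

```python
import re

# Constructed sample in /etc/shadow layout; hash strings are placeholders.
SAMPLE_SHADOW = """\
root:abJnggxhB/yWI:14800:0:99999:7:::
admin:$1$saltsalt$0123456789abcdefghijkl:14800:0:99999:7:::
backup:$6$saltsalt$placeholderhashvalue:14800:0:99999:7:::
daemon:*:14800:0:99999:7:::
vpxuser:!!:14800:0:99999:7:::
oldsvc:!abJnggxhB/yWI:14800:0:99999:7:::
"""

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # 2-char salt + 11-char hash
MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

def classify(field):
    """Return (scheme, only_first_8_chars_checked) for one shadow hash field."""
    if field == "":
        return ("empty", False)
    body = field.lstrip("!")  # a leading '!' marks a locked password
    if body in ("", "*", "x"):
        return ("no-login", False)
    if body.startswith("$"):  # modular format: $id$salt$hash
        parts = body.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        return (MODULAR.get(ident, "unknown-modular"), False)
    if DES_CRYPT.fullmatch(body):
        return ("des-crypt", True)  # input beyond 8 characters is ignored
    return ("unknown", False)

def audit_shadow(text):
    """Return a list of (user, scheme, truncates_at_8), one per valid line."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line
        scheme, truncates = classify(fields[1])
        findings.append((fields[0], scheme, truncates))
    return findings

def truncating_accounts(text):
    """Accounts whose stored hash checks only the first 8 characters."""
    return [user for user, _, truncates in audit_shadow(text) if truncates]

if __name__ == "__main__":
    for user, scheme, truncates in audit_shadow(SAMPLE_SHADOW):
        flag = "  <-- only first 8 characters checked" if truncates else ""
        print(f"{user:10} {scheme:14}{flag}")
```

A locked account (`!` prefix) is still reported when the hash behind the lock marker is DES-crypt, since unlocking it restores the truncated check.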
RE: Password flaw in ESXi 4.1 - 21.Jul.2010 8:39:24 AM   
JustinC71

 

VMware released this workaround yesterday; a patch will be coming along eventually.

http://kb.vmware.com/kb/1024500

_____________________________

-Justin, VCP 3/4, MCSE

(in reply to JustinC71)
Post #: 2
RE: Password flaw in ESXi 4.1 - 21.Jul.2010 9:16:07 PM   
Scott Lowe

 

Posts: 444
Joined: 13.May2010
Status: offline
Justin -

Wow... that could be nasty. Thanks for sharing the link!

In reading the KB note, it looks like both ESX and ESXi are affected. Have you seen this?

For others, if you follow Justin's link to the VMware KB article describing the issue, you'll find some workaround instructions that might be useful if you can't wait for VMware to provide an update to fix the issue.

Scott

(in reply to JustinC71)
Post #: 3
RE: Password flaw in ESXi 4.1 - 22.Jul.2010 8:10:16 AM   
JustinC71

 

Scott,
Yep, both are affected.  One of the first articles I read said that ESX was unaffected, but apparently that was incorrect and I didn't catch it. 





_____________________________

-Justin, VCP 3/4, MCSE

(in reply to Scott Lowe)
Post #: 4