Finally…strong ESX 4.1 root passwords. SHA512 baby!

Historically VMware has not used the strongest hashing algorithms to store root passwords on ESXi or ESX hosts. And to make matters worse, ESX/i 4.1 had a major security hole that was open for over four months, which you can read about here. The short story is that ROOT passwords in ESX/i 4.1 were only authenticated up to 8 characters. The screw up on VMware’s part was only using DES (not even 3DES) for the password encryption. DES is a joke, and even 3DES is not considered secure. One workaround for this major hole was to use MD5 hashing, but even that is not considered secure.

A couple of days ago VMware pushed a KB article how to increase the password encryption strength by using SHA512. SHA512 is considered secure and is very well respected. So I applaud VMware in publishing an article on how to enable this feature. I am still shocked it took VMware four months to publish a patch to plug the 8 character password hole.

I can only hope in 4.1 U1 and future releases that SHA512 is used by default. Having to hack system files to increase security is not my idea of a fun time.

Print Friendly, PDF & Email

Related Posts

Notify of
Inline Feedbacks
View all comments