ESXI-67-000032 - The ESXi host must prohibit the reuse of passwords within five iterations.

Information

If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.

Solution

From the vSphere Client, select the ESXi host and go to Configure >> System >> Advanced System Settings.

Select the 'Security.PasswordHistory' value and configure it to '5'.

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(e), CAT|II, CCI|CCI-000200, Rule-ID|SV-239287r674790_rule, STIG-ID|ESXI-67-000032, Vuln-ID|V-239287

Plugin: VMware

Control ID: 2a55ed02b2cc355018d8ca06596e8ecac802832969cc0c3431a343164d120f5c