Detections
Analytics
ESXI-67-000032 - The ESXi host must prohibit the reuse of passwords within five iterations.
Information
If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.Solution
From the vSphere Client, select the ESXi host and go to Configure >> System >> Advanced System Settings.Select the 'Security.PasswordHistory' value and configure it to '5'.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 ESXi v1r3
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(1)(e), CAT|II, CCI|CCI-000200, Rule-ID|SV-239287r674790_rule, STIG-ID|ESXI-67-000032, Vuln-ID|V-239287
Plugin: VMware
Control ID: 48d15d6319fcc9aa64d7772161232865d55dcf65eec1d283213cdadc771f96ca