Root passwords must never be passed over a network in clear text form.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
GEN001100-ESXI5-PNF	GEN001100-ESXI5-PNF	GEN001100-ESXI5-PNF_rule		High

Description
If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. This is true even if recommended procedures are followed by logging on to a named account and using the su command to access root. Applicable, but permanent not-a-finding - SSH is disabled by default, root login via SSH is disabled-by-default, and full lockdown including the DCUI is required.

Description

If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. This is true even if recommended procedures are followed by logging on to a named account and using the su command to access root. Applicable, but permanent not-a-finding - SSH is disabled by default, root login via SSH is disabled-by-default, and full lockdown including the DCUI is required.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-GEN001100-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-GEN001100-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.