UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must ensure the vpxuser password meets length policy.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-99999-ESXI5-000146 SRG-OS-99999-ESXI5-000146 SRG-OS-99999-ESXI5-000146_rule Medium
Description
The vpxuser password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies. Longer passwords make brute-force password attacks more difficult. The vpxuser password is added by vCenter, meaning no manual intervention is normally required. The vpxuser password length must never be modified to less than the default length of 32 characters.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-99999-ESXI5-000146_chk )
The default minimum length for passwords is 14. The vpxuser password default length is 32 characters. The vpxuser password length must never be modified to less than the default length of 32 characters. From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Verify the "config.vpxd.hostPasswordLength" is set to 32 or greater. Default is 32 characters.

If the "config.vpxd.hostPasswordLength" setting is less than 32, this is a finding.
Fix Text (F-SRG-OS-99999-ESXI5-000146_fix)
From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Set the "config.vpxd.hostPasswordLength" to comply with site requirements. Default is 32 characters. Note that the vpxuser password is added by vCenter, meaning no manual intervention is required. The vpxuser password length must never be modified to less than the default length of 32 characters.