UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ESXi host must prohibit the reuse of passwords within five iterations.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256398 ESXI-70-000032 SV-256398r885975_rule Medium
Description
If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.
STIG Date
VMware vSphere 7.0 ESXi Security Technical Implementation Guide 2023-02-21

Details

Check Text ( C-60073r885973_chk )
From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Advanced System Settings.

Select the "Security.PasswordHistory" value and verify it is set to "5".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory

If the "Security.PasswordHistory" setting is not set to "5" this is a finding.
Fix Text (F-60016r885974_fix)
From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Advanced System Settings.

Select the "Security.PasswordHistory" value and configure it to "5".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5