There is a password authentication bug in VMware vSphere ESXi 4.1

Posted by on July 15, 2010 in VMware, vSphere | 0 comments

While doing my usual surfing in the VMware forums I came across a thread about a password issue with ESXi 4.1. The issue seems to be that the latest version of ESXi only looks at the first 8 digits of your password. So as long as you type in the first 8 digits of your password correct the rest does not matter. I was able to recreate this in my home lab using a 10 digit password.

So to make it crystal clear when I installed ESXi 4.1 with Build # 260247 I entered a 10 digit password for “root”. After the install and a reboot I was able to login using my password as expected. I then enabled TSM mode for local and SSH access. I was then able to log on using local or SSH as the method using my exact password, just the first 8 digits or the 8digits plus anything else after. I even tried entering the first 8 digits and several digits of random characters afterward and it still accepts the password.

I will post a follow up to this post once something is released from VMware regarding this password issue. Until then you can follow along with the thread over on the VMware forums if you wish.

Update July 19th, 2010

VMware released a KB article today that basically explains the issue but does not really offer a fix. It really looks like there will not be a fix and we will just be limited to 8 character passwords. VMware KB Article.

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Leave a Reply

%d bloggers like this: