tag:blogger.com,1999:blog-2990507292761341672.post254878759061687572..comments2011-09-30T10:20:40.578-07:00Williamnoreply@blogger.comBlogger8125tag:blogger.com,1999:blog-2990507292761341672.post-321580292945785912011-09-30T10:20:40.578-07:002011-09-30T10:20:40.578-07:00William, I read this article a year ago and applied the patch and thought that was the end of it. Fast forward to ESXi5 and it reapper on my network, here&#39;s what I mean http://toti3.wordpress.com/2011/09/30/esxi-password-vulnerability-reborn/Totie Bashhttp://www.blogger.com/profile/16953197798450317159noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-46652960379003865002010-07-18T15:45:44.720-07:002010-07-18T15:45:44.720-07:00Hi Didier,<br /><br />I just got back from the weekend and noticed the post! Great job, I did not have a lot of time to spend trying to find the solution, but it looks like it was a pretty straight forward one. <br /><br />I also updated my blog post with the link to yours for the solution. One method of ensuring the file is preserved is just edit the auto-backup script to also backup this specific file. I would still recommend waiting for VMware to provide a true fix via a patch/update.<br /><br />--WilliamWilliamhttp://www.blogger.com/profile/07056477666904240209noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-85271616211471652982010-07-17T19:46:05.371-07:002010-07-17T19:46:05.371-07:00Hi William, I did also some researches on this issue and came with back with a workaround... Read more at http://deinoscloud.wordpress.com/2010/07/18/esxi-4-1-major-security-issue-the-sequel-and-the-workaround/<br /><br />Cheers,<br />DidierPiroNethttp://deinoscloud.wordpress.com/noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-10503123649053649482010-07-17T14:39:32.662-07:002010-07-17T14:39:32.662-07:00I can vouch for this issue too - it was my colleague who posted that to the VMware community ;-)<br /><br />He got me to test it, and the problem exists for sure.<br /><br />Scott VesseyScott Vesseyhttp://www.blogger.com/profile/06276460042238377305noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-16424629087995859082010-07-17T14:20:40.755-07:002010-07-17T14:20:40.755-07:00The problem does not append with AD authNiTRohttp://www.blogger.com/profile/09781737231499981455noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-49121125184128341922010-07-17T13:19:08.686-07:002010-07-17T13:19:08.686-07:00What if you use the AD integration, is that affected?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-75337926479677594942010-07-17T11:30:21.190-07:002010-07-17T11:30:21.190-07:00Mike,<br /><br />Good find, I did not notice this earlier while looking in the shadow file. This would make sense as DES crypt is limited to 8 character password + salt. I suspect the password is just being truncated or being encrypted by DES vs MD5 as you mentioned.<br /><br />Thanks<br /><br />--WilliamWilliamhttp://www.blogger.com/profile/07056477666904240209noreply@blogger.comtag:blogger.com,1999:blog-2990507292761341672.post-42259151860121055142010-07-17T11:19:28.080-07:002010-07-17T11:19:28.080-07:00I was looking at a change I made on a newly upgraded 4.1 system...<br /><br />And it looks like things have reverted to DES for the /etc/shadow files from a previous setting of MD5 hashes.<br /><br />Not good...Mike Horwathhttp://www.geekandi.com/noreply@blogger.com