The ESXi host must be configured with an appropriate maximum password age.

An XCCDF Rule

Details
Profiles

Description

The older an ESXi local account password is, the larger the opportunity window is for attackers to guess, crack or reuse a previously cracked password. Rotating passwords on a regular basis is a fundamental security practice and one that ESXi supports.

ID: SV-256443r959010_rule
Version: ESXI-70-000091
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Advanced System Settings.

Click "Edit". Select the "Security.PasswordMaxDays" value and set it to "90".
or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.PasswordMaxDays | Set-AdvancedSetting -Value "90"

The ESXi host must be configured with an appropriate maximum password age.

Description

Remediation Templates

A Manual Procedure