The ESXi host must prohibit password reuse for a minimum of five generations.

An XCCDF Rule

Details
Profiles

Description

If a user or root used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.

ID: SV-258735r1003559_rule
Version: ESXI-80-000043
Severity: Medium
References: CCI-004061
Updated: about 2 months ago

Remediation Templates

From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Advanced System Settings.

Click "Edit". Select the "Security.PasswordHistory" value and configure it to "5".
or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.PasswordHistory | Set-AdvancedSetting -Value 5

The ESXi host must prohibit password reuse for a minimum of five generations.

Description

Remediation Templates

A Manual Procedure