search cancel

VMWare - Vcenter - Authentication Brute Force” behavior from <IP><HOST> <IP><HOST> with source user as “root”


Article ID: 242962


Updated On:


CA Privileged Access Manager (PAM)


SWIFT - VMWare - Vcenter - Authentication Brute Force” behavior from (gdcpavc0053) and (gdcpavc0057) with source user as “root”

Destination Host : <host>

Destination IP: <IP>

This incident occurred on Apr 24th and May 03rd.  Did not happen again.


Release : 3.4

Component : 


The issue only occured twice.  Network team provided a report showing the root account tried to be verified against the PAM host every 1-5 second about 20 times.  This seemed to trigger the network security team application and VMware of a possible DOS\brute force attack.  Unfortunately, this was reported to support 2 months after the issue occurred.  No logs or information from PAM on what might have occurred.  It seems there was a network change or issue on those two dates.  On those two dates, PAM was never down so logs may not have shown anything even if they existed.