Can someone substantiate the security risk with allowing copy and paste between VMs?

In all of VMWare’s best practices they always state (and by default) that guest isolation copy and paste is disabled. This leads to more insecure ways of getting complex passwords from a host system password manager into a vm to paste in a field. For instance running \\servername\c$, authenticating with domain admin and creating a text file to paste… then in the VM opening that text file. Well now to me that’s even worse because the password was written to disk in clear text at some point, even if you delete it.

Sure I guess you can RDP and enable clipboard access there too..

Just curious, did someone somewhere forget they had something sensitive in the clipboard and threaten to sue vmware for it? I usually copy the letter A or something when I’m done just to clear the clipboard out.

View Reddit by kjstechView Source

Related Articles


  1. Generally I would recommend that you not use the Remote Console for… anything once you’re in production. Use RDP, SSH, whatever method you need in order to access the VM OS and lock down that access to your management workstation/bastion host. This is exactly how you’d do it in a public cloud environment where you have no VM console access. Remote clipboard via VMRC is a security nightmare, and is rightly disabled by default.

  2. In some environments that password should never leave the secure enclave and travel to/from the client workstation. It’s not a bad default. I turn it off everywhere, since I am probably copying urls or long commands.

  3. Passwords are just one example, but maybe copying a very long URL or a license code out of an email of some sort. Usually its SMB it over via a text file or RDP with clipboard or putty (if its ssh to a *nix based vm).

  4. Well literally you’re doing it wrong…

    If I’m in a environment where security is paramount, I wouldn’t enable this, what I do is open web page with those passwords and copy inside the vm.

Leave a Reply

Your email address will not be published. Required fields are marked *