diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 116ad0f51f..13374b75e4 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -626,6 +626,7 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
     int result = -1;
     char ipAddress[NI_MAXHOST] = "";
     char *username = NULL;
+    char *unescapedPassword = NULL;
     char *password = NULL;
     char *url = NULL;
     esxVI_String *propertyNameList = NULL;
@@ -657,10 +658,16 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
         }
     }
 
-    password = virRequestPassword(auth, username, hostname);
+    unescapedPassword = virRequestPassword(auth, username, hostname);
+
+    if (unescapedPassword == NULL) {
+        ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
+        goto cleanup;
+    }
+
+    password = esxUtil_EscapeForXml(unescapedPassword);
 
     if (password == NULL) {
-        ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
         goto cleanup;
     }
 
@@ -727,8 +734,9 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
     result = 0;
 
   cleanup:
-    VIR_FREE(password);
     VIR_FREE(username);
+    VIR_FREE(unescapedPassword);
+    VIR_FREE(password);
     VIR_FREE(url);
     esxVI_String_Free(&propertyNameList);
     esxVI_ObjectContent_Free(&hostSystem);
@@ -748,6 +756,7 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
     int result = -1;
     char ipAddress[NI_MAXHOST] = "";
     char *username = NULL;
+    char *unescapedPassword = NULL;
     char *password = NULL;
     char *url = NULL;
 
@@ -779,10 +788,16 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
         }
     }
 
-    password = virRequestPassword(auth, username, hostname);
+    unescapedPassword = virRequestPassword(auth, username, hostname);
+
+    if (unescapedPassword == NULL) {
+        ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
+        goto cleanup;
+    }
+
+    password = esxUtil_EscapeForXml(unescapedPassword);
 
     if (password == NULL) {
-        ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
         goto cleanup;
     }
 
@@ -822,8 +837,9 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
     result = 0;
 
   cleanup:
-    VIR_FREE(password);
     VIR_FREE(username);
+    VIR_FREE(unescapedPassword);
+    VIR_FREE(password);
     VIR_FREE(url);
 
     return result;
diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
index 2603957dd7..9ef947c747 100644
--- a/src/esx/esx_util.c
+++ b/src/esx/esx_util.c
@@ -552,3 +552,22 @@ esxUtil_EscapeDatastoreItem(const char *string)
 
     return escaped2;
 }
+
+
+
+char *
+esxUtil_EscapeForXml(const char *string)
+{
+    virBuffer buffer = VIR_BUFFER_INITIALIZER;
+
+    virBufferEscapeString(&buffer, "%s", string);
+
+    if (virBufferError(&buffer)) {
+        virReportOOMError();
+        virBufferFreeAndReset(&buffer);
+
+        return NULL;
+    }
+
+    return virBufferContentAndReset(&buffer);
+}
diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h
index d00e28aa2b..39fdb6db41 100644
--- a/src/esx/esx_util.h
+++ b/src/esx/esx_util.h
@@ -62,4 +62,6 @@ void esxUtil_ReplaceSpecialWindowsPathChars(char *string);
 
 char *esxUtil_EscapeDatastoreItem(const char *string);
 
+char *esxUtil_EscapeForXml(const char *string);
+
 #endif /* __ESX_UTIL_H__ */