Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216865 | VCWN-65-000046 | SV-216865r612237_rule | Medium |
Description |
---|
By limiting the number of failed login attempts, the risk of unauthorized access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
STIG | Date |
---|---|
VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2020-12-10 |
Check Text ( C-18096r366309_chk ) |
---|
From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy. View the values for the lockout policies. The following lockout policy should be set at follows: Time interval between failures: 900 seconds If this lockout policy is not configured as stated, this is a finding. |
Fix Text (F-18094r366310_fix) |
---|
From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy. Click "Edit". Set the Time interval between failures to "900" and click "OK". |