UCF STIG Viewer Logo

Unauthorized users have access to the VirtualCenter virtual machine.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15869 ESX0700 SV-16810r1_rule Medium
Description
Virtual machines may be accessed by anyone with the proper permissions. If the VirtualCenter virtual machine is accessed by a normal virtual machine user, specific settings in the virtual infrastructure may be changed or modified. Modifications may include permissions, object groupings, installing malicious software, etc. To mitigate this, access to the VirtualCenter virtual machine will be restricted to only authorized users.
STIG Date
VMware ESX 3 Virtual Center 2016-05-03

Details

Check Text ( C-16226r1_chk )
1. Request a copy of the authorized VirtualCenter administrator user documentation. If no documentation exists, this is a finding.
2. Log into the VI Client as a user with Administrator privileges. Work with the system administrator to access the system with these privileges.
3. In the Inventory panel on the left, select the VirtualCenter virtual machine.
4. Click the Permissions tab.
5. Review the permissions and verify that they match the documentation provided. If there is a discrepancy, this is a finding.
Fix Text (F-15829r1_fix)
Restrict access to the VirtualCenter virtual machine to only authorized users.