Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Unauthorized users have access to the VirtualCenter virtual machine.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15869 | ESX0700 | SV-16810r1_rule | Medium |
| Description |
|---|
| Virtual machines may be accessed by anyone with the proper permissions. If the VirtualCenter virtual machine is accessed by a normal virtual machine user, specific settings in the virtual infrastructure may be changed or modified. Modifications may include permissions, object groupings, installing malicious software, etc. To mitigate this, access to the VirtualCenter virtual machine will be restricted to only authorized users. |
| STIG | Date |
|---|---|
| VMware ESX 3 Virtual Center | 2016-05-03 |
Details
| Check Text ( C-16226r1_chk ) |
|---|
| 1. Request a copy of the authorized VirtualCenter administrator user documentation. If no documentation exists, this is a finding. 2. Log into the VI Client as a user with Administrator privileges. Work with the system administrator to access the system with these privileges. 3. In the Inventory panel on the left, select the VirtualCenter virtual machine. 4. Click the Permissions tab. 5. Review the permissions and verify that they match the documentation provided. If there is a discrepancy, this is a finding. |
| Fix Text (F-15829r1_fix) |
|---|
| Restrict access to the VirtualCenter virtual machine to only authorized users. |