UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware Tools drag and drop capabilities are enabled for virtual machines.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15894 ESX0980 SV-16836r1_rule Medium
Description
The drag and drop operation may be used to transfer files from the guest virtual machine to the computer connecting to the virtual machine via the VI Console. Files may be moved from the guest virtual machine to the VI Console computer through the drag and drop functionality. This functionality has several potential damaging consequences. The file moved to the VI Console computer may be so large that it fills the hard disk on the system, may contain sensitive information, or may contain malicious code. These scenarios could potentially cause a denial of service to the VI Console computer, expose sensitive information to unauthorized users, or run malicious code.
STIG Date
VMware ESX 3 Virtual Center 2016-05-03

Details

Check Text ( C-16254r1_chk )
1. Login to VirtualCenter with the VI Client and select a virtual machine from the inventory panel.
The configuration page for the virtual machine appears with the Summary tab displayed.
3. Click Options > Advanced > Configuration Parameters to open the Configuration Parameters dialog box.
4. Verify the following is displayed in the result:

isolation.tools.dnd.disable true

If this is not present, this is a finding.
Fix Text (F-15855r1_fix)
Disable drag and drop in VMware Tools.