VMware Tools drag and drop capabilities are enabled for virtual machines.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15894 | ESX0980 | SV-16836r1_rule | Medium |
| Description |
|---|
| The drag and drop operation may be used to transfer files from the guest virtual machine to the computer connecting to the virtual machine via the VI Console. Files may be moved from the guest virtual machine to the VI Console computer through the drag and drop functionality. This functionality has several potential damaging consequences. The file moved to the VI Console computer may be so large that it fills the hard disk on the system, may contain sensitive information, or may contain malicious code. These scenarios could potentially cause a denial of service to the VI Console computer, expose sensitive information to unauthorized users, or run malicious code. |
| STIG | Date |
|---|---|
| VMware ESX 3 Virtual Center | 2016-05-03 |
Details
| Check Text ( C-16254r1_chk ) |
|---|
| 1. Login to VirtualCenter with the VI Client and select a virtual machine from the inventory panel. The configuration page for the virtual machine appears with the Summary tab displayed. 3. Click Options > Advanced > Configuration Parameters to open the Configuration Parameters dialog box. 4. Verify the following is displayed in the result: isolation.tools.dnd.disable true If this is not present, this is a finding. |
| Fix Text (F-15855r1_fix) |
|---|
| Disable drag and drop in VMware Tools. |