| Rule ID | Severity | Title | Discussion |
|---|---|---|---|
| VCENTER-000004 | High | The system must block access to ports not being used by vCenter. | Militate against general attacks on the Windows system by blocking unneeded ports. A local firewall on the Windows system of vCenter, or a network firewall, can be used to block access to ports... |
| VCENTER-000028 | High | The supported operating system, database, and hardware for the vCenter Server must all be maintained. | The VMware vCenter Server is a Windows-based OS application and must reside on a supported version of Windows. |
| VCENTER-000031 | High | The vSphere Administrator role must be secured by assignment to specific user(s). | By default, vCenter Server grants full administrative rights to the local administrator's account, which can be accessed by domain administrators. Separation of duties dictates that full vSphere... |
| VCENTER-000005 | Medium | Privilege re-assignment must be checked after the vCenter Server restarts. | During a restart of vCenter Server, if the user or user group that is assigned Administrator role on the root folder could not be verified as a valid user/group during the restart, the... |
| VCENTER-000003 | Medium | The Update Manager must not be configured to manage its own VM or the VM of its vCenter Server. | The VMware Update Manager and vCenter Server are VM installable on an ESXi host. The Update Manager must not be configured to manage the updates on either of those VMs. |
| VCENTER-000023 | Medium | A least-privileges assignment must be used for the vCenter Server database user. | Least-privileges mitigates attacks if the vCenter database account is compromised. vCenter requires very specific privileges on the database. Privileges normally required only for installation and... |
| VCENTER-000020 | Medium | The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine. | By default, vCenter Server "Administrator" role allows users to interact with files and programs inside a virtual machine's guest operating system. Least Privilege requires that this privilege... |
| VCENTER-000024 | Medium | A least-privileges assignment must be used for the Update Manager database user. | Least-privileges mitigates attacks if the Update Manager database account is compromised. The VMware Update Manager requires certain privileges for the database user in order to install, and the... |
| VCENTER-000029 | Medium | vSphere Client plugins must be verified. | The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter... |
| VCENTER-000019 | Medium | Access to SSL certificates must be restricted. | The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password. By default, only the service user account and the vCenter Server administrators can access the... |
| VCENTER-000013 | Medium | Access to SSL certificates must be monitored. | The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, the vCenter Server system administrator might need to... |
| VCENTER-000012 | Medium | The vCenter Server administrative users must have the correct roles assigned. | Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned if needed, to reduce risk of confidentiality, availability... |
| VCENTER-000018 | Medium | The vSphere Administrator role must be secured and assigned to specific users. | By default, vCenter Server grants full administrative rights to the local administrator's account, which can be accessed by domain administrators. Separation of duties dictates that full vSphere... |
| VCENTER-000017 | Medium | Revoked certificates must be removed from the vCenter Server. | If revoked certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack, which potentially might enable compromise through impersonation with the user's... |
| VCENTER-000016 | Medium | Log files must be cleaned up after failed installations of the vCenter Server. | If the vCenter installation fails, a log file (with a name of the form "hs_err_pidXXXX") is created that contains the database password in plain text. An attacker who breaks into the vCenter... |
| VCENTER-000015 | Medium | Expired certificates must be removed from the vCenter Server. | If expired certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack, which potentially might enable compromise through impersonation with the user's... |
| VCENTER-000014 | Medium | The system's Update Manager must not use default self-signed certificates. | Self-signed certificates are automatically generated by Update Manager during the installation process, are not signed by a commercial CA, and do not provide strong security. The use of default... |
| VCENTER-000030 | Medium | The system must always verify SSL certificates. | Without certificate verification, the user can be subject to a MiTM attack, which potentially might enable compromise through impersonation with the user's credentials to the vCenter Server... |
| VCENTER-000033 | Medium | The connectivity between Update Manager and public patch repositories must be limited. | In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. This connection must be limited as much as possible to prevent access from... |
| VCENTER-000032 | Medium | Default self-signed certificates must not be used by the vCenter Server. | Self-signed certificates, automatically generated by vCenter Server during the installation process, are not signed by a commercial CA, and might not provide strong security. Default self-signed... |
| VCENTER-000034 | Medium | The connectivity between Update Manager and public patch repositories must be limited. | In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. This connection must be limited as much as possible to prevent access from... |
| VCENTER-000027 | Medium | The system must set a timeout for all thick-client logins without activity. | An inactivity timeout must be set for the vSphere Client (Thick Client). This client-side setting can be changed by users, so this must be set by default and re-audited. Automatic session... |
| VCENTER-000007 | Low | The system must disable the managed object browser. | The managed object browser provides a way to explore the object model used by the vCenter to manage the vSphere environment; it enables configurations to be changed as well. This interface is used... |
| VCENTER-000022 | Low | Network access to the vCenter Server system must be restricted. | Restrict access to only those essential components required to communicate with vCenter. Blocking access by unnecessary systems reduces the potential for general attacks on the operating system... |
| VCENTER-000021 | Low | The use of Linux-based clients must be restricted. | Although SSL-based encryption is used to protect communication between client components and vCenter Server or ESXi, the Linux versions of these components do not perform certificate validation.... |
| VCENTER-000008 | Low | The vCenter Server must be installed using a service account instead of a built-in Windows account. | The Microsoft Windows built-in system account or a user account can be used to run vCenter Server. With a user account, the Windows authentication for SQL Server can be enabled; it also provides... |
| VCENTER-000009 | Low | The connectivity between Update Manager and public patch repositories must be limited. | In a typical deployment, Update Manager connects to public patch repositories on the Internet to download patches. This connection should be limited as much as possible to prevent access from the... |
| VCENTER-000006 | Low | The system must disable the datastore browser. | The datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and files, such as VM files. This functionality is controlled by the... |