| The Managed Object Browser (MOB) was designed to be used by SDK developers to assist in the development, programming, and debugging of objects. It is an inventory object, full-access interface, allowing attackers to determine the inventory path of an infrastructure's managed entities. |
Check the operational status of the MOB :
Determine the location of the vpxd.cfg file on the vCenter Server's Windows OS host.
Edit the file and locate the ... element.
Ensure the following element is set. false
If the MOB is currently enabled, ask the SA if it is being used for object maintenance.
If the enableDebugBrowse element is enabled (set to true), and object maintenance is not being performed, this is a finding.
If the enableDebugBrowse element is enabled (set to true), and object maintenance is being performed, this is not a finding.