The use of Linux-based clients must be restricted.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39559	VCENTER-000021	SV-51417r1_rule		Low

Description
Although SSL-based encryption is used to protect communication between client components and vCenter Server or ESXi, the Linux versions of these components do not perform certificate validation. Even if the self-signed certificates are replaced on vCenter and ESXi with legitimate certificates signed by the local root certificate authority or a third party, communications with Linux clients are still vulnerable to MiTM attacks.

Description

Although SSL-based encryption is used to protect communication between client components and vCenter Server or ESXi, the Linux versions of these components do not perform certificate validation. Even if the self-signed certificates are replaced on vCenter and ESXi with legitimate certificates signed by the local root certificate authority or a third party, communications with Linux clients are still vulnerable to MiTM attacks.

STIG	Date
VMware vCenter Server Version 5 Security Technical Implementation Guide	2016-02-10

Details

Check Text ( C-46784r1_chk )
Verify all client operating systems connecting to the vCenter Server are not Linux. If any client operating system connecting to the vCenter Server is Linux-based, this is a finding.

Fix Text (F-44572r1_fix)
Replace all Linux-based clients connecting to the vCenter Server with non-Linux-based clients.