The vCenter Server for Windows must configure the vpxuser password meets length policy.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-94759	VCWN-65-000024	SV-104589r1_rule		Medium

Description
The vpxuser password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies. Longer passwords make brute-force password attacks more difficult. The vpxuser password is added by vCenter, meaning no manual intervention is normally required. The vpxuser password length must never be modified to less than the default length of 32 characters.

Description

The vpxuser password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies. Longer passwords make brute-force password attacks more difficult. The vpxuser password is added by vCenter, meaning no manual intervention is normally required. The vpxuser password length must never be modified to less than the default length of 32 characters.

STIG	Date
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide	2020-03-27

Details

Check Text ( C-93949r1_chk )
From the vSphere Web Client go to Host and Clusters >> Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Verify that "config.vpxd.hostPasswordLength" is set to "32". or From a PowerCLI command prompt while connected to the vCenter server run the following command: Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength and verify it is set to 32. If the "config.vpxd.hostPasswordLength" is set to a value other than "32" or does not exist, this is a finding.

Check Text ( C-93949r1_chk )

From the vSphere Web Client go to Host and Clusters >> Select a vCenter Server >> Configure >> Settings >> Advanced Settings.

Verify that "config.vpxd.hostPasswordLength" is set to "32".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength and verify it is set to 32.

If the "config.vpxd.hostPasswordLength" is set to a value other than "32" or does not exist, this is a finding.

Fix Text (F-100877r1_fix)
From the vSphere Web Client go to Host and Clusters >> Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Click "Edit" and edit the "config.vpxd.hostPasswordLength" value to "32" or if the value does not exist create it by entering the values in the "Key" and "Value" fields and clicking "Add". or From a PowerCLI command prompt while connected to the vCenter server run the following command: If the setting already exists: Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength \| Set-AdvancedSetting -Value 32 If the setting does not exist: New-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength -Value 32

Fix Text (F-100877r1_fix)

From the vSphere Web Client go to Host and Clusters >> Select a vCenter Server >> Configure >> Settings >> Advanced Settings. Click "Edit" and edit the "config.vpxd.hostPasswordLength" value to "32" or if the value does not exist create it by entering the values in the "Key" and "Value" fields and clicking "Add".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

If the setting already exists:
Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength | Set-AdvancedSetting -Value 32

If the setting does not exist:
New-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength -Value 32