Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94845 | VCWN-65-000026 | SV-104675r1_rule | Medium |
Description |
---|
Check for privilege reassignment when you restart vCenter Server. If the user or user group that is assigned the Administrator role on the root folder cannot be verified as a valid user or group during a restart, the role is removed from that user or group. In its place, vCenter Server grants the Administrator role to the vCenter Single Sign-On account administrator@vsphere.local. This account can then act as the administrator. Reestablish a named administrator account and assign the Administrator role to that account to avoid using the anonymous administrator@vsphere.local account. |
STIG | Date |
---|---|
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2020-03-27 |
Check Text ( C-94041r1_chk ) |
---|
After the Windows server hosting the vCenter Server has been rebooted, a vCenter Server user or member of the user group granted the administrator role must log in and verify the role permissions remain intact. If the user and/or user group granted vCenter administrator role permissions cannot be verified as intact, this is a finding. |
Fix Text (F-100969r1_fix) |
---|
As the SSO Administrator, log in to the vCenter Server and restore a legitimate administrator account per site-specific user/group/role requirements. |