
The vCenter STS service must disable stack tracing.


Overview

Finding ID: V-258977
Version: VCST-80-000036
Rule ID: SV-258977r960963_rule
IA Controls: none listed
Severity: Medium
Description
Stack tracing provides debugging information from the application call stacks when a runtime error is encountered. If stack tracing is left enabled, Tomcat will provide this call stack information to the requestor, which could result in the loss of sensitive information or data that could be used to compromise the system.
STIG: VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide
Date: 2024-07-11

Details

Check Text (C-62717r934587_chk)
At the command prompt, run the following command:

# xmllint --xpath "//Connector[@allowTrace = 'true']" /usr/lib/vmware-sso/vmware-sts/conf/server.xml

Expected result:

XPath set is empty

If any connectors are returned, this is a finding.
Fix Text (F-62626r934588_fix)
Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/server.xml

Navigate to and locate:

'allowTrace="true"'

Remove the 'allowTrace="true"' setting.

Note: If "allowTrace" is not present, it defaults to false.

Restart the service with the following command:

# vmon-cli --restart sts
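
The check above can also be scripted for repeated audits or for confirming the fix after the restart. The following is an added example, not part of the STIG text or VMware tooling. It lists each Connector that sets allowTrace and, as a conservative assumption of this example, also flags case variants such as "TRUE" that the exact-match XPath would not return. The sample XML and its port numbers are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Path taken from the STIG check text.
SERVER_XML = "/usr/lib/vmware-sso/vmware-sts/conf/server.xml"

# Constructed sample for offline runs; not the appliance's real server.xml.
SAMPLE = """<Server port="-1">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" allowTrace="true"/>
    <Connector port="8443" protocol="HTTP/1.1" allowTrace="TRUE"/>
    <Connector port="8081" protocol="HTTP/1.1" allowTrace="false"/>
    <Connector port="8082" protocol="HTTP/1.1"/>
  </Service>
</Server>"""


def trace_findings(xml_data):
    """Return (port, raw allowTrace value) for every Connector enabling TRACE."""
    root = ET.fromstring(xml_data)
    findings = []
    for conn in root.iter("Connector"):
        value = conn.get("allowTrace")
        # A missing attribute is the default (false), per the STIG note.
        # Assumption of this example: any case variant of "true" is a finding.
        if value is not None and value.strip().lower() == "true":
            findings.append((conn.get("port", "?"), value))
    return findings


def main(argv):
    if len(argv) > 1 and argv[1] == "--sample":
        xml_data = SAMPLE
    else:
        # Read bytes so the parser honours the file's own encoding declaration.
        with open(argv[1] if len(argv) > 1 else SERVER_XML, "rb") as fh:
            xml_data = fh.read()
    findings = trace_findings(xml_data)
    for port, value in findings:
        print(f'FINDING: Connector port={port} has allowTrace="{value}"')
    if not findings:
        print("PASS: no Connector enables allowTrace")
    return 1 if findings else 0  # non-zero exit on a finding, for automation


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments on the appliance to audit the path from the check text, or with --sample to see the output format on the constructed input.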