UCF STIG Viewer Logo

The system must ensure the vpxuser password meets length policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63985 VCWN-06-000024 SV-78475r1_rule Medium
Description
The vpxuser password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies. Longer passwords make brute-force password attacks more difficult. The vpxuser password is added by vCenter, meaning no manual intervention is normally required. The vpxuser password length must never be modified to less than the default length of 32 characters.
STIG Date
VMware vSphere vCenter Server Version 6 Security Technical Implementation Guide 2017-07-11

Details

Check Text ( C-64737r1_chk )
From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings. Verify that config.vpxd.hostPasswordLength is set to 32.

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength and verify it is set to 32.

If the config.vpxd.hostPasswordLength is set to a value other than 32 or does not exist, this is a finding.
Fix Text (F-69915r1_fix)
From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings. Click Edit and edit the config.vpxd.hostPasswordLength setting to 32 or if the value does not exist create it by entering the values in the Key and Value fields and clicking Add.

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

If the setting already exists:

Get-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength | Set-AdvancedSetting -Value 32

If the setting does not exist:

New-AdvancedSetting -Entity -Name config.vpxd.hostPasswordLength -Value 32