VCENTER-000029 - vSphere Client plugins must be verified.

Information

The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, Web-based functionality. vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.

Solution

Disable/remove all listed plug-ins that cannot be verified as distributed from trusted sources:
From the vSphere client, connect to the vCenter server.
On the menu bar, go to 'Plug-ins >> Manage Plug-ins'.
Under Installed Plug-ins, right-click the plug-in of choice and select Disable.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_vCenter_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39564, Rule-ID|SV-250745r799925_rule, STIG-ID|VCENTER-000029, STIG-Legacy|SV-51422, STIG-Legacy|V-39564, Vuln-ID|V-250745

Plugin: VMware

Control ID: b290ec0761acf4c5da139eb88f3d226841d196a728e326a9bfa5155c6da31e25