VCTR-67-000026 - The vCenter Server must check the privilege reassignment after restarts.

Information

Check for privilege reassignment when restarting vCenter Server. If the user or user group that is assigned the Administrator role on the root folder cannot be verified as a valid user or group during a restart, the role is removed from that user or group. In its place, vCenter Server grants the Administrator role to the vCenter Single Sign-On account [email protected]. This account can then act as the Administrator.

Reestablish a named Administrator account and assign the Administrator role to that account to avoid using the anonymous [email protected] account.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

As the SSO Administrator, log in to the vCenter Server and restore a legitimate Administrator account per site-specific user/group/role requirements.
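Because the scanner does not perform this check, the root-folder assignments can be reviewed manually after each restart. The following PowerCLI sketch is an added example, not part of the benchmark or the plugin. It assumes VMware PowerCLI is installed and a session is already open with Connect-VIServer. The `$SsoAdmin` parameter is a placeholder for the built-in SSO administrator principal as it appears in this environment.

```powershell
param(
    # Placeholder: the built-in SSO administrator principal, written the way
    # Get-VIPermission prints principals in this environment.
    [Parameter(Mandatory)] [string] $SsoAdmin
)

# With no -Location, -NoRecursion returns only the top-level inventory folder
# of each connected vCenter Server.
foreach ($root in Get-Folder -NoRecursion) {
    # PowerCLI lists the built-in Administrator role under the name 'Admin'.
    $admins = @(Get-VIPermission -Entity $root |
        Where-Object { $_.Role -eq 'Admin' })

    # Anything other than the built-in SSO account counts as a named assignment.
    $named = @($admins | Where-Object { $_.Principal -ne $SsoAdmin })

    # Show every Administrator assignment on the root folder for the reviewer.
    $admins |
        Select-Object Role, Principal, IsGroup, Propagate |
        Format-Table -AutoSize |
        Out-Host

    if ($named.Count -eq 0) {
        # Consistent with the reassignment described above: only the SSO
        # account is left holding the role on the root folder.
        Write-Warning "Root folder '$($root.Name)': no named principal holds the Administrator role."
    }
    else {
        Write-Output "Root folder '$($root.Name)': $($named.Count) named Administrator assignment(s); compare against the site's approved list."
    }
}
```

A warning means a named Administrator account has to be restored as described in the Solution; a non-empty list still needs to be compared against site-specific user/group/role requirements.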

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-243092r879887_rule, STIG-ID|VCTR-67-000026, Vuln-ID|V-243092

Plugin: VMware

Control ID: b059e92d8ba3239b787b2169b5ec76712e4fc1d497cba3a7d6c0f584c2d66304