VCWN-06-000025 - The system must disable the managed object browser at all times, when not required for troubleshooting or maintenance.

Information

The managed object browser provides a way to explore the object model used by the vCenter to manage the vSphere environment; it enables configurations to be changed as well. This interface is used primarily for debugging, and might potentially be used to perform malicious configuration changes or actions.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If the datastore browser is enabled and required for object maintenance, no fix is immediately required.

Disable the managed object browser:
Determine the location of the vpxd.cfg file on the Windows host.
Edit the file and locate the <vpxd> ... </vpxd> element.
Ensure the following element is set. <enableDebugBrowse>false</enableDebugBrowse>

Restart the vCenter Service to ensure the configuration file change(s) are in effect.

See Also

http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_vCenter_Server_for_Windows_V1R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Group-ID|V-63987, Rule-ID|SV-78477r1_rule, STIG-ID|VCWN-06-000025, Vuln-ID|V-63987

Plugin: VMware

Control ID: e1d5139230e22ebfcd0e9ab75a9e43799c7bfb37a26093ea5b70f8d8d2d865b5