STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must not automatically refresh client sessions.

DISA Rule

SV-216826r612237_rule

Vulnerability Number

V-216826

Group Title

SRG-APP-000190

Rule Version

VCWN-65-000002

Severity

CAT II

CCI(s)

CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

Fix Recommendation

Change the refresh rate value by editing the "webclient.properties" file.

On the system where vCenter is installed locate the "webclient.properties" file.

Appliance:
/etc/vmware/vsphere-client/

Windows:
C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client

Edit the file to include the line "refresh.rate = -1" where "-1" indicates sessions are not automatically refreshed. Uncomment the line if necessary.

After editing the file the vSphere Web Client service must be restarted.

Check Contents

On the system where vCenter is installed locate the "webclient.properties" file.

Appliance:
/etc/vmware/vsphere-client/

Windows:
C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client

Find the "refresh.rate =" line in the "webclient.properties" file.

If the refresh rate is not set to "-1" in the "webclient.properties" file, this is a finding.

Vulnerability Number

V-216826

Documentable

False

Rule Version

VCWN-65-000002

Severity Override Guidance

Check Content Reference

Target Key

4030

The vCenter Server for Windows must not automatically refresh client sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments