VAMI must use cryptography to protect the integrity of remote sessions.
DISA Rule
SV-239717r679261_rule
Vulnerability Number
V-239717
Group Title
SRG-APP-000015-WSR-000014
Rule Version
VCLD-67-000003
Severity
CAT II
CCI(s)
- CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.
- CCI-000381 - The organization configures the information system to provide only essential capabilities.
- CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.
- CCI-002314 - The information system controls remote access methods.
- CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
- CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.
Weight
10
Fix Recommendation
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.
Add or reconfigure the following value:
ssl.engine = "enable"
Check Contents
At the command prompt, execute the following command:
# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "ssl.engine"
Expected result:
ssl.engine = "enable"
If the output does not match the expected result, this is a finding.
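An added example (not part of the STIG text): a shell function that applies the check above to the parsed configuration dump, tolerating alignment whitespace and treating a missing setting or any value other than "enable" as a finding. The function name check_ssl_engine and the sample dump are constructed for illustration; the exact spacing of the real dump is an assumption.

```shell
#!/bin/sh
# Added example, not part of the STIG: evaluate the VCLD-67-000003 check.
# check_ssl_engine is a hypothetical helper name. It reads a parsed
# configuration dump on stdin and returns 0 (not a finding) only when at
# least one ssl.engine line is present and every such line is "enable".
check_ssl_engine() {
    awk '
        /^[ \t]*ssl\.engine[ \t]*=/ {
            seen = 1
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop key and "="
            sub(/[ \t]*$/, "", val)         # drop trailing blanks
            if (val != "\"enable\"") bad = 1
        }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

# Constructed sample dump (spacing is an assumption about the real output).
sample='config {
    server.port      = 5480
    ssl.engine       = "enable"
}'

if printf '%s\n' "$sample" | check_ssl_engine; then
    echo "VCLD-67-000003: not a finding"
else
    echo "VCLD-67-000003: finding"
fi

# On the appliance, feed it the command from the check text:
# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf | check_ssl_engine
```

A dump with several ssl.engine lines is compliant only if all of them read "enable", which matches the check's requirement that the output equal the expected result.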
Documentable
False
Check Content Reference
M
Target Key
5335