STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must use a limited privilege account when adding an LDAP identity source.

DISA Rule

SV-243124r719615_rule

Vulnerability Number

V-243124

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000069

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration.

Click the "Identity Sources" tab.

For each identity source that has been configured with a highly privileged AD account, highlight the item and click "Edit".

Change the username and password to one with read-only rights to the base DN and complete the dialog.

Check Contents

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration.

Click the "Identity Sources" tab.

For each identity source with of type "Active Directory", highlight the item and click "Edit".

If the account that is configured to bind to the LDAPS server is not one with minimal privileges, this is a finding.

Vulnerability Number

V-243124

Documentable

False

Rule Version

VCTR-67-000069

Severity Override Guidance

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration.

Click the "Identity Sources" tab.

For each identity source with of type "Active Directory", highlight the item and click "Edit".

If the account that is configured to bind to the LDAPS server is not one with minimal privileges, this is a finding.

Check Content Reference

M

Target Key

5399

Comments