STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must not automatically refresh client sessions.

DISA Rule

SV-243125r719618_rule

Vulnerability Number

V-243125

Group Title

SRG-APP-000190

Rule Version

VCTR-67-000070

Severity

CAT II

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Change the refresh rate value by editing the "webclient.properties" file.

On the vCenter Server locate the "webclient.properties" file in
C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client

Edit the file to include the line "refresh.rate = -1" where "-1" indicates sessions are not automatically refreshed. Uncomment the line if necessary.

After editing the file the vSphere Client service must be restarted.

Check Contents

Note: For vCenter Server Appliance, this is not applicable.

On the vCenter Server locate the "webclient.properties" file in
C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client

Find the "refresh.rate =" line in the "webclient.properties" file.

If the refresh rate is not set to "-1" in the "webclient.properties" file, this is a finding.

Vulnerability Number

V-243125

Documentable

False

Rule Version

VCTR-67-000070

Severity Override Guidance

Note: For vCenter Server Appliance, this is not applicable.

On the vCenter Server locate the "webclient.properties" file in
C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client

Find the "refresh.rate =" line in the "webclient.properties" file.

If the refresh rate is not set to "-1" in the "webclient.properties" file, this is a finding.

Check Content Reference

M

Target Key

5399

Comments