STIGQter STIGQter: STIG Summary: VMware ESXi Server 5.0 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 27 Jan 2017: The system must ensure the vpxuser password meets length policy.

DISA Rule

SV-51118r1_rule

Vulnerability Number

V-39302

Group Title

SRG-OS-99999-ESXI5

Rule Version

SRG-OS-99999-ESXI5-000146

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Set the "config.vpxd.hostPasswordLength" to comply with site requirements. Default is 32 characters. Note that the vpxuser password is added by vCenter, meaning no manual intervention is required. The vpxuser password length must never be modified to less than the default length of 32 characters.

Check Contents

The default minimum length for passwords is 14. The vpxuser password default length is 32 characters. The vpxuser password length must never be modified to less than the default length of 32 characters. From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Verify the "config.vpxd.hostPasswordLength" is set to 32 or greater. Default is 32 characters.

If the "config.vpxd.hostPasswordLength" setting is less than 32, this is a finding.

Vulnerability Number

V-39302

Documentable

False

Rule Version

SRG-OS-99999-ESXI5-000146

Severity Override Guidance

The default minimum length for passwords is 14. The vpxuser password default length is 32 characters. The vpxuser password length must never be modified to less than the default length of 32 characters. From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Verify the "config.vpxd.hostPasswordLength" is set to 32 or greater. Default is 32 characters.

If the "config.vpxd.hostPasswordLength" setting is less than 32, this is a finding.

Check Content Reference

M

Target Key

2370

Comments