VCUI-67-000010 - vSphere UI must be configured to limit access to internal packages.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The 'package.access' entry in the '' file implements access control at the package level. When properly configured, a Security Exception will be reported if an errant or malicious web app attempts to access the listed internal classes directly or if a new class is defined under the protected packages. The vSphere UI comes preconfigured with the appropriate packages defined in 'package.access', and this configuration must be maintained.


Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/

Ensure that the 'package.access' line is configured as follows:


See Also

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-239691r679179_rule, STIG-ID|VCUI-67-000010, Vuln-ID|V-239691

Plugin: Unix

Control ID: 7a16f616e63fee1f83dffa7fa5e2b945dc9d75b47243d6eb865ab47d7e7d428c