Information
LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for querying directory services such as Active Directory. The protocol can operate in clear text or over an SSL/TLS-encrypted tunnel; in clear-text mode, bind credentials and query results are exposed to anyone who can observe the traffic. To protect the confidentiality of LDAP communications, the LDAPS option must be selected when adding an LDAP identity source in vSphere SSO.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere Web Client go to Administration >> Single Sign-On >> Configuration.
Click the 'Identity Sources' tab.
For each identity source of type 'Active Directory' where LDAPS is not configured, highlight the item and click the pencil icon to open the edit dialog.
Check the box at the bottom for LDAPS and click 'Next'.
Click the green plus button to upload the trusted DC certificate, or click the magnifying glass to extract the certificate from the DC directly.
Click 'Next'.
Click 'Finish'.
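The steps above are performed in the vSphere Web Client, and the Nessus note says the check itself is not automated. The following Python script is an added example (not part of the Nessus plugin, the CIS benchmark, or vSphere) showing how an administrator could audit identity-source URLs for clear-text LDAP and confirm that a domain controller actually presents a certificate chaining to the trusted CA uploaded in the dialog. The identity-source URLs and host names are constructed placeholders; in practice they would be exported from the SSO configuration, and `ca_file` is assumed to be the PEM file of the DC certificate or its issuing CA.

```python
"""Audit vSphere SSO identity-source URLs for LDAPS and verify the DC's TLS endpoint.

Added example, not vendor code. Identity-source URLs below are constructed
sample values so the script runs offline; replace them with the real ones.
"""
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample identity sources (placeholder hosts, not real systems).
SAMPLE_SOURCES = {
    "corp.example.internal": "ldaps://dc1.corp.example.internal:636",
    "lab.example.internal": "ldap://dc1.lab.example.internal:389",
    "gc.example.internal": "ldaps://dc2.corp.example.internal:3269",
    "legacy.example.internal": "ldap://dc1.legacy.example.internal",
}


def uses_ldaps(url):
    """Return True only when the URL scheme is ldaps (TLS from the first byte).

    The port alone is not trusted: 'ldap://host:636' would still bind in
    clear text, so the scheme is what decides compliance.
    """
    parts = urlsplit(url.strip())
    return parts.scheme.lower() == "ldaps" and bool(parts.hostname)


def audit_sources(sources):
    """Return (name, url) pairs for every identity source NOT using LDAPS."""
    return [(name, url) for name, url in sources.items() if not uses_ldaps(url)]


def tls_endpoint_check(host, port=636, ca_file=None, timeout=5.0):
    """Confirm the DC completes a TLS handshake on the LDAPS port and that its
    certificate chains to the trusted CA (the certificate uploaded in the SSO
    dialog). Returns the peer certificate dict or raises ssl.SSLError.
    This performs a network connection and is not run by the self-test.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # system CAs if ca_file is None
    ctx.check_hostname = True          # name in the DC cert must match the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    findings = audit_sources(SAMPLE_SOURCES)
    for name, url in findings:
        print(f"NON-COMPLIANT: identity source '{name}' uses clear-text LDAP: {url}")
    if not findings:
        print("All identity sources use LDAPS.")
```

Run the URL audit first; for each compliant source, call `tls_endpoint_check(host, 636, ca_file="dc-ca.pem")` (path assumed) to confirm the DC's certificate actually validates against the uploaded trust anchor, since a correctly set LDAPS checkbox with an expired or mismatched DC certificate will fail at bind time rather than silently fall back to clear text.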