An error occurred:

Check: SRG-OS-000280-VMM-001020

Virtual Machine Manager SRG: SRG-OS-000280-VMM-001020 (in versions v2 r2 through v1 r3)

Title

VMMs requiring user access authentication must provide a logout capability for user-initiated communications sessions. (Cat II impact)

Discussion

If a user cannot explicitly end a VMM session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Information resources to which users gain access via authentication include, for example, local workstations and remote services. For some types of interactive sessions, including, for example, remote login, VMMs typically send logout messages as final messages prior to terminating sessions.

Check Content

Verify VMMs requiring user access authentication provide a logout capability for user-initiated communications sessions. If they do not, this is a finding.

Fix Text

Configure VMMs requiring user access authentication to provide a logout capability for user-initiated communications sessions.

Additional Identifiers

Rule ID: SV-207433r958638_rule

Vulnerability ID: V-207433

Group Title: SRG-OS-000280

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002363

Provide a logout capability for user-initiated communications sessions whenever authentication is used to gain access to organization-defined information resources.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-12(1)

User-initiated Logouts / Message Displays