Check: VCTR-67-000043
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000043
(in versions v1 r4 through v1 r1)
Title
The vCenter Server passwords must contain at least one special character. (Cat II impact)
Discussion
To enforce the use of complex passwords, minimum numbers of characters of different classes are mandated. The use of complex passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques. Complexity requirements increase the password search space by requiring users to construct passwords from a larger character set than they may otherwise use.
Check Content
From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Password Policy. View the values of the password format requirements. The following password requirements should be set at a minimum: Special Characters: At least 1 If this password complexity policy is not configured as stated, this is a finding.
Fix Text
From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Password Policy. Click "Edit". Set "Special Characters" to at least "1" and click "OK".
Additional Identifiers
Rule ID: SV-243103r879606_rule
Vulnerability ID: V-243103
Group Title: SRG-APP-000169
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001619 |
The information system enforces password complexity by the minimum number of special characters used. |
Controls
Number | Title |
---|---|
IA-5 (1) |
Password-Based Authentication |