Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93959 | ESXI-65-000006 | SV-104045r1_rule | Medium |
Description |
---|
By limiting the number of failed login attempts, the risk of unauthorized access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
STIG | Date |
---|---|
VMware vSphere 6.5 ESXi Security Technical Implementation Guide | 2019-12-13 |
Check Text ( C-93277r1_chk ) |
---|
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Select the Security.AccountUnlockTime value and verify it is set to 900. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime and verify it is set to 900. If the Security.AccountUnlockTime is set to a value other than 900, this is a finding. |
Fix Text (F-100207r1_fix) |
---|
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Click Edit and select the Security.AccountUnlockTime value and configure it to 900. or From a PowerCLI command prompt while connected to the ESXi host run the following commands: Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900 |