VMware Cloud Community
TheVMinator
Expert

SSO and Vulnerabilities

I have a few accounts in SSO that have full privileges to do anything in SSO. However, only administrator@vsphere.local has any permissions in vCenter Server. Do the accounts that have full privileges in SSO, but are not given any privileges in vCenter, represent a vulnerability to vCenter if compromised, or just to SSO?


Accepted Solutions
mikefoley
VMware Employee

If you have an account with full privileges in SSO then even if they don't have permissions on vCenter they could compromise the administrator@vsphere.local account (change password for example) and get full access.

mike
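
Added example (not part of the original posts and not VMware code): an audit helper that applies the accepted answer by treating every account with SSO admin rights as an effective vCenter administrator, even when it holds no vCenter permission. The membership data is constructed, every account and group name other than administrator@vsphere.local is hypothetical, and using the `Administrators` group to stand for "full privileges in SSO" is an assumption.

```python
# Constructed sample data (not from the thread): SSO group membership in
# vsphere.local and vCenter role assignments. Every name except
# administrator@vsphere.local is hypothetical.
SSO_ADMIN_GROUP = "Administrators"  # assumption: this group grants full SSO rights
GROUP_MEMBERS = {
    "Administrators": ["administrator@vsphere.local", "sso-ops@vsphere.local", "IdentityTeam"],
    "IdentityTeam": ["alice@vsphere.local", "Contractors"],
    "Contractors": ["bob@vsphere.local", "IdentityTeam"],  # nesting loop on purpose
    "Auditors": ["carol@vsphere.local"],
}
VCENTER_PERMISSIONS = {
    "administrator@vsphere.local": "Administrator",
    "carol@vsphere.local": "Read-only",
}


def expand_group(group, members=GROUP_MEMBERS):
    """Return every account reachable from `group`, following nested groups."""
    accounts, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:  # guard against nesting loops
            continue
        seen.add(current)
        for member in members.get(current, []):
            if member in members:  # the member is itself a group
                stack.append(member)
            else:
                accounts.add(member)
    return accounts


def effective_vcenter_admins(perms=VCENTER_PERMISSIONS, members=GROUP_MEMBERS):
    """Map each account to protect as a vCenter administrator to the reason.

    Covers explicit vCenter Administrator role holders plus every SSO admin,
    since an SSO admin can change the administrator@vsphere.local password.
    """
    result = {a: "explicit vCenter role" for a, r in perms.items() if r == "Administrator"}
    for account in sorted(expand_group(SSO_ADMIN_GROUP, members)):
        result.setdefault(account, "SSO admin (can reset administrator@vsphere.local)")
    return result


if __name__ == "__main__":
    for account, reason in sorted(effective_vcenter_admins().items()):
        print(f"{account:32} {reason}")
```

Accounts the helper reports with the SSO reason warrant the same credential protection, MFA and monitoring as administrator@vsphere.local itself.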


Texiwill
Leadership

Hello,

I would think just to SSO. But I think we should get another opinion here.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMware ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
TheVMinator
Expert

Thanks!
