VMware Cloud Community
core10
Enthusiast

vCenter Server fails Nexpose security scan due to LDAP anonymous directory access

I've hardened a vCenter Server 5.5 as much as possible using Nessus and Nexpose scans, but two "severe" risks remain.

LDAP Anonymous Directory Access Permitted:

I am using Active Directory (Integrated Windows Authentication), not Active Directory as LDAP. The Nexpose scan shows a directory service running on the vCenter box itself.

It looks like this LDAP service exists on the vCenter Server and was created by VMware. This box is not a Windows domain controller, and the Windows domain DOES NOT have anonymous directory access permitted.

I did previously (in version 5.1 before upgrade) have Active Directory as LDAP, but this has been eliminated.

Is VMware vCenter Server running its own LDAP process that Nexpose is picking up?

Thanks in advance.

0 Kudos
2 Replies
MackanNYC
Contributor

I'm experiencing the same issue when scanned by Nexpose. I had vCenter 5.1 originally, then I did an upgrade to 5.5U2b. Now I'm getting this when scanned.

There are fixes for 5.1, but nothing for 5.5.

Opening a case for this issue.

Markus Forsblom
0 Kudos
hollisorama
Contributor

Did you ever find an explanation or resolution for this?

0 Kudos