The VMM must require users to re-authenticate when changing roles.

Description

<VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When VMMs provide the capability to change security roles, it is critical the user re-authenticate.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>