The vCenter ESX Agent Manager service cookies must have secure flag set.

An XCCDF Rule

Description

The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a cookie in clear text. By setting the secure flag, the browser will prevent the transmission of a cookie over an unencrypted channel.

ID: SV-259004r960792_rule
Version: VCEM-80-000005
Severity: Medium
References: CCI-000213
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/usr/lib/vmware-eam/web/webapps/eam/WEB-INF/web.xml

Navigate to the <session-config> node and configure the <secure> setting as follows:
<session-config>
  <session-timeout>30</session-timeout>
  <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
  </cookie-config>
</session-config>

Restart the service with the following command:

# vmon-cli --restart eam

The vCenter ESX Agent Manager service cookies must have secure flag set.

Description

Remediation Templates

A Manual Procedure