Details
The Managed Object Browser (MOB) is a web-based server application that lets you
examine objects that exist on the server side. This is installed and started automatically
when vCenter is installed.
*Rationale*
The MOB is meant to be used primarily for debugging the vSphere SDK. Because there are no access controls,
the MOB could also be used as a method to obtain information about a host being targeted for unauthorized access.
Solution
To disable the MOB, run the following ESXi shell command:
vim-cmd proxysvc/remove_service ‘/mob’ ‘httpsWithRedirect’
Additionally, the following PowerCLI command may be used:
Get-VMHost | Get-AdvancedSetting -Name
Config.HostAgent.plugins.solo.enableMob |Set-AdvancedSetting -value “false”
Note: You cannot disable the MOB while a host is in lockdown mode.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.