Details
Authentication should be configured so there is a maximum number of consecutive failed
login attempts for each account, at which point the account at risk will be locked out.
*Rationale*
Multiple account login failures for the same account could possibly be an attacker trying to brute force guess the password.
Solution
To verify the maximum failed login attempts is set properly, perform the following steps:
1. From the vSphere Web Client, select the host.
2. Click “Configure” -> “Settings” -> “System” -> “Advanced System Settings”.
3. Enter “Security.AccountLockFailures” in the filter.
4. Verify that the value for this parameter is 3.
Alternately, the following PowerCLI command may be used:
Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures
Supportive Information
The following resource is also helpful.
This control applies to the following type of system VMware.