The managed object browser (MOB) is a vSphere utility that provides a way to explore the VMkernel object model. However, attackers can use this interface to perform malicious configuration changes or actions because it is possible to change the host configuration by using the MOB. Use the MOB only for debugging, and ensure that it is deactivated in production systems.

The MOB is deactivated by default. However, for certain tasks, for example when extracting the old certificate from a system, you have to use the MOB. You can activate and deactivate the MOB as follows.

Procedure

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, click Advanced System Settings.
  4. Check the value of Config.HostAgent.plugins.solo.enableMob, and click Edit to change it as appropriate.
    Do not use vim-cmd from the ESXi Shell.