When performing a penetration test, the test may discover anonymous access on VMDir LDAP via port 389 on vCenter Server.
vCenter Server 6.x, 7.x, 8.x
vCenter Server is functioning as designed.
Anonymous access on VMDir LDAP via port 389 is used exclusively for accessing DSE root information and no other VMDir data can be accessed through this anonymous bind.
VMware Engineering has analyzed the anonymous access on VMDir LDAP via port 389 and has concluded that this information does not pose a security risk.