VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

2024-02-21 05:34

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying

News URL

https://thehackernews.com/2024/02/vmware-alert-uninstall-eap-now-critical.html

#activedirectory #critical #vmware #CVE-2024-22245

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-20	CVE-2024-22245	Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Vmware		146	11	223	256	102	592