Arbitrary Authentication Relay and Session Hijack Vulnerabilities in VMware EAP
CVE-2024-22245
Key Information:
- Vendor: VMware
- CVE Published: 20 February 2024
What is CVE-2024-22245?
CVE-2024-22245 is a critical (CVSS 9.6) arbitrary authentication relay vulnerability in the VMware Enhanced Authentication Plug-in (EAP), a deprecated browser plug-in for Windows that provided Windows session (Integrated Windows Authentication) and smart card login to the vSphere Client. VMware disclosed it on 20 February 2024 together with CVE-2024-22250, a separate session hijack flaw in the same plug-in; the two are often reported as a pair, but the relay is CVE-2024-22245. A malicious actor who can lure a domain user with EAP installed in their web browser to a crafted web page can cause the plug-in to request Kerberos service tickets for arbitrary Active Directory Service Principal Names (SPNs) and relay them, so the attacker can authenticate to those services as the victim. VMware deprecated EAP in March 2021 with vCenter Server 7.0 Update 2 and issued no patch for this flaw; the only remediation is to uninstall the plug-in from every Windows workstation on which it was ever installed.
Technical Details
EAP registers a component on the user's Windows workstation that a web page (by design, the vSphere Client) can ask to obtain Kerberos credentials on the logged-in user's behalf. In effect, the plug-in does not adequately restrict which web content may issue such a request or which SPN the request may name. An attacker who gets a domain user with EAP installed to visit an attacker-controlled page can therefore have the plug-in request Kerberos service tickets for arbitrary SPNs (file servers, LDAP, SQL, another vCenter, and so on) and relay them to the attacker, who then presents them to those services as that user. Nothing in this path touches the vCenter Server itself: the exposure sits on every Windows client where the plug-in remains installed, whether or not it is still used, and it reaches any service in the domain that accepts Kerberos authentication from that user.
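A relayed ticket leaves a trace on the domain controller: every service ticket the plug-in obtains is a TGS request (Windows Security Event ID 4769) attributed to the victim account and the victim's workstation address, but for an SPN that account does not normally use. The following detection sketch is an added example, not code from this page or from VMware; the event records, the per-account baseline and the thresholds are constructed and simplified (real 4769 events carry more fields and should be read from the DC security log, with "Audit Kerberos Service Ticket Operations" enabled).

```python
"""Flag Kerberos service-ticket requests that look like an EAP-style relay:
one (account, client address) pair requesting tickets for several distinct
SPNs outside its baseline within a short window.

Added example. Records, baseline and thresholds are constructed, not real data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified 4769-style records:
# (timestamp, account name, client address, requested service name / SPN)
SAMPLE_EVENTS = [
    ("2024-02-21T09:00:01", "alice@CORP.LOCAL", "10.0.5.23", "cifs/fs01.corp.local"),
    ("2024-02-21T09:00:05", "alice@CORP.LOCAL", "10.0.5.23", "HTTP/intranet.corp.local"),
    ("2024-02-21T09:30:00", "bob@CORP.LOCAL", "10.0.5.40", "cifs/fs01.corp.local"),
    # Burst from alice's workstation for services she never touches: the
    # pattern a page abusing the plug-in to relay tickets would produce.
    ("2024-02-21T10:15:00", "alice@CORP.LOCAL", "10.0.5.23", "ldap/dc01.corp.local"),
    ("2024-02-21T10:15:01", "alice@CORP.LOCAL", "10.0.5.23", "MSSQLSvc/sql01.corp.local:1433"),
    ("2024-02-21T10:15:02", "alice@CORP.LOCAL", "10.0.5.23", "HOST/vcenter01.corp.local"),
    ("2024-02-21T10:15:03", "alice@CORP.LOCAL", "10.0.5.23", "cifs/backup01.corp.local"),
]

# Constructed baseline of SPNs each account is known to request legitimately.
# In practice build it from weeks of 4769 history; it must include the vCenter
# SPN for users who genuinely log in through EAP, or they will always alert.
BASELINE = {
    "alice@CORP.LOCAL": {"cifs/fs01.corp.local", "HTTP/intranet.corp.local"},
    "bob@CORP.LOCAL": {"cifs/fs01.corp.local"},
}


def find_relay_bursts(events, baseline, window=timedelta(seconds=60), min_new_spns=3):
    """Return alerts (account, client, window start, sorted SPNs) for every
    (account, client) pair that requested tickets for at least min_new_spns
    distinct SPNs outside its baseline within one window."""
    novel = defaultdict(list)  # (account, client) -> [(time, spn), ...] in time order
    for ts, account, client, spn in sorted(events):
        if spn not in baseline.get(account, set()):
            novel[(account, client)].append((datetime.fromisoformat(ts), spn))

    alerts = []
    for (account, client), hits in novel.items():
        i = 0
        while i < len(hits):
            # Extend the window as far as it reaches from hits[i].
            j = i
            while j + 1 < len(hits) and hits[j + 1][0] - hits[i][0] <= window:
                j += 1
            spns = {spn for _, spn in hits[i:j + 1]}
            if len(spns) >= min_new_spns:
                alerts.append((account, client, hits[i][0].isoformat(), sorted(spns)))
                i = j + 1  # do not re-alert on the same events
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for account, client, start, spns in find_relay_bursts(SAMPLE_EVENTS, BASELINE):
        print(f"{start} {account} from {client} requested {len(spns)} new SPNs:")
        for spn in spns:
            print(f"    {spn}")
```

Two caveats when running this against real logs: the baseline, not the threshold, does most of the work, so users who legitimately fan out across many services need a wide baseline rather than a higher threshold; and the relayed ticket is ultimately presented from the attacker's host, so the network logon (Event ID 4624, logon type 3) on the targeted service will show a source address that differs from the Client Address in the matching 4769, which is a second, independent signal worth correlating.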
Impact of the Vulnerability
- Unauthorized Access: an attacker who relays a victim's service tickets authenticates to the targeted services as that user and inherits the user's permissions there, which can lead to theft or alteration of any data the victim can reach.
- Compromise of Active Directory Security: the relayed tickets are genuine Kerberos tickets issued by the domain controller for the legitimate user, so the attack passes the authentication controls of any domain-joined service without a password or hash ever being stolen. A ticket obtained from a highly privileged user, or for vCenter itself, gives the attacker a foothold for further movement in the domain.
- Potential Operational Disruption: compromise of services such as vCenter or file servers through relayed tickets can lead to outages and costly recovery, and because the plug-in cannot be patched, remediation means locating and uninstalling it on every workstation, which in a large estate is a significant effort in itself.
Affected Version(s)
- VMware Enhanced Authentication Plug-in (EAP) for Windows: all versions. No fixed version exists; VMware's guidance is to uninstall the plug-in ("VMware Enhanced Authentication Plug-in") and the "VMware Plug-in Service" installed alongside it from each affected Windows client.
News Articles
VMware issues no-patch advisory for critical flaw in old SSO plugin
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
11 months ago
Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP (CVE-2024-1597, CVE-2024-22245)
Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP (CVE-2024-1597, CVE-2024-22245) ConnectWise has addressed a CVSS 10 vulnerability in its ScreenConnect product, a desktop and mobile …
11 months ago
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) - Help Net Security
Vulnerabilities in VMware EAP (CVE-2024-22245, CVE-2024-22250) can be exploited for authentication relay and session hijack attacks.
11 months ago
CVSS v3.1: 9.6 (Critical), AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Timeline
- Exploit known to exist
- Vulnerability started trending
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved