Arbitrary Authentication Relay and Session Hijack Vulnerabilities in VMware EAP
Key Information
- Vendor: VMware
- Product: VMware Enhanced Authentication Plug-in (EAP)
- CVE Published: 20 February 2024
Summary
The VMware Enhanced Authentication Plug-in (EAP) has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that can lead to authentication relay and session hijack attacks. These vulnerabilities have not been and will not be fixed, so VMware is urging admins to uninstall the EAP plugin. The first vulnerability allows attackers to request arbitrary Kerberos service tickets on behalf of a user who visits a malicious website, while the second can be exploited by local users to request Kerberos tickets from other users during authentication to the VMware vSphere web console. There is no known exploitation of these vulnerabilities in the wild. Users can follow VMware's instructions for removing the plugin, and those using vSphere v7 will eventually be forced to upgrade to v8 if they wish to continue using SSO-based authentication. It is recommended to use other authentication methods supported by vSphere 8, including connections to Active Directory over LDAPS, Microsoft Active Directory Federation Services, Okta, and Microsoft Entra ID. These vulnerabilities expose VMware users to potential security risks, and the lack of a patch raises concerns about the protection of affected systems.
Affected Version(s)
VMware Enhanced Authentication Plug-in (EAP) <= All
News Articles
VMware issues no-patch advisory for critical flaw in old SSO plugin
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
8 months ago
Critical Vulnerabilities in ConnectWise ScreenConnect, PostgreSQL JDBC, and VMware EAP (CVE-2024-1597, CVE-2024-22245)
ConnectWise has addressed a CVSS 10 vulnerability in its ScreenConnect product, a desktop and mobile …
8 months ago
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) - Help Net Security
Vulnerabilities in VMware EAP (CVE-2024-22245, CVE-2024-22250) can be exploited for authentication relay and session hijack attacks.
8 months ago
CVSS V3.1
Timeline
- Exploit exists.
- Vulnerability started trending.
- First article discovered by Beeping Computers
- Vulnerability published.
- Vulnerability Reserved.