Privileged Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in
CVE-2024-22250
What is CVE-2024-22250?
The vulnerability exists in the Deprecated VMware Enhanced Authentication Plug-in, where a session hijack can occur. This allows a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session initiated by a privileged domain user on the same system. This vulnerability poses significant risks, as it can lead to unauthorized access to sensitive operations or data within the affected environment, highlighting the urgent need for remediation to protect user sessions.
Affected Version(s)
VMware Enhanced Authentication Plug-in (EAP) Windows All
News Articles
VMware issues no-patch advisory for critical flaw in old SSO plugin
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
Help Net SecurityVMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) - Help Net Security
Vulnerabilities in VMware EAP (CVE-2024-22245, CVE-2024-22250) can be exploited for authentication relay and session hijack attacks.
GBHackers on SecurityVMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks
VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.