Privileged Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in

CVE-2024-22250

7.8HIGH

Key Information

Vendor: Vmware
Status: Vmware Enhanced Authentication Plug-in (eap)
Vendor: CVE Published:; 20 February 2024

Badges

📰 News Worthy

Summary

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.

Affected Version(s)

VMware Enhanced Authentication Plug-in (EAP) = All

News Articles

CVE-2024-22245CVE-2024-22250

VMware issues no-patch advisory for critical flaw in old SSO plugin

The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.

9 months ago

thmubnail image

Help Net Security

CVE-2024-22245CVE-2024-22250

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) - Help Net Security

Vulnerabilities in VMware EAP (CVE-2024-22245, CVE-2024-22250) can be exploited for authentication relay and session hijack attacks.

9 months ago

thmubnail image

GBHackers on Security

CVE-2024-22245CVE-2024-22250

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.

9 months ago

thmubnail image

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

First article discovered by Beeping Computers
Feb 20, 2024
Vulnerability published.
Feb 20, 2024
Vulnerability Reserved.
Jan 8, 2024

Collectors

NVD DatabaseMitre Database4 News Article(s)

.