Privileged Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in
Key Information
- Vendor
- VMware
- Status
- VMware Enhanced Authentication Plug-in (EAP)
- Vendor
- CVE Published:
- 20 February 2024
Summary
A session hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when it is initiated by a privileged domain user on the same system.
Affected Version(s)
VMware Enhanced Authentication Plug-in (EAP) = All
News Articles
VMware issues no-patch advisory for critical flaw in old SSO plugin
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
8 months ago
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) - Help Net Security
Vulnerabilities in VMware EAP (CVE-2024-22245, CVE-2024-22250) can be exploited for authentication relay and session hijack attacks.
8 months ago
VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks
VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.
8 months ago
Timeline
First article discovered by BleepingComputer
Vulnerability published.
Vulnerability Reserved.