Vulnerabilities

CVE-2024-22245 - VMWare EAP Improper Authentication Vulnerability

This advisory is for organizations that use the VMware Enhanced Authentication Plug-in (EAP) on client workstations to log in to vSphere's management interface. This plugin is not installed by default.

Summary

VMware has reported a critical vulnerability in the EAP which could allow an attacker to target a domain user who has EAP installed in their web browser, relay that user's Kerberos service tickets, and seize control of privileged EAP sessions.

CVE-2024-22245 - Authentication Relay Vulnerability

CVSSv3: 9.6

Affected Platforms

VMware Enhanced Authentication Plug-in (EAP)

Mitigations

The EAP was deprecated in March 2021 with the launch of vCenter Server 7.0 Update 2. VMware is not patching this vulnerability and advises users to remove both the browser plugin and its Windows service using the step-by-step process outlined at: https://kb.vmware.com/s/article/96442
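Before following the removal steps in the KB article, most organizations will want to know which workstations still have the plug-in. The following inventory script is an added example written for this advisory; it is not VMware's code and is not taken from the KB article. It assumes that the plug-in's Add/Remove Programs entry and its Windows service both carry the phrase "VMware ... Enhanced Authentication" in their display names (adjust $NamePattern if your environment names them differently), and it reads only the standard Windows uninstall registry hives and the Win32_Service class.

```powershell
# Added example (not from the VMware advisory or KB article): inventory a Windows
# workstation for the deprecated VMware Enhanced Authentication Plug-in (EAP).
# Assumption: the installed product and its Windows service both match $NamePattern
# by DisplayName. Run locally, or fleet-wide with Invoke-Command and collect the output.

[CmdletBinding()]
param(
    [string]$NamePattern = '*VMware*Enhanced Authentication*'
)

function Get-EapInstallEntries {
    param([string]$Pattern)
    # Check both the 64-bit and the 32-bit (WOW6432Node) uninstall hives;
    # DisplayName is the text Add/Remove Programs shows for the product.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object DisplayName, DisplayVersion, UninstallString, InstallDate
}

function Get-EapServices {
    param([string]$Pattern)
    # Assumption: the plug-in's Windows service carries the same phrase in its
    # DisplayName (or short Name). A service that is still present after the
    # browser plug-in was removed is exactly what the KB article tells you to clean up.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $Pattern -or $_.Name -like $Pattern } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

$installs = @(Get-EapInstallEntries -Pattern $NamePattern)
$services = @(Get-EapServices -Pattern $NamePattern)

$result = [pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    EapInstalled    = ($installs.Count -gt 0)
    EapServiceFound = ($services.Count -gt 0)
    Installs        = $installs
    Services        = $services
}

if ($result.EapInstalled -or $result.EapServiceFound) {
    Write-Warning ("CVE-2024-22245: deprecated VMware EAP present on {0}. " +
                   "Remove it per https://kb.vmware.com/s/article/96442") -f $result.ComputerName
    $result.Installs | Format-Table -AutoSize
    $result.Services | Format-Table -AutoSize
    # Non-zero exit so a fleet-wide run can separate affected hosts from clean ones.
    exit 1
}
else {
    Write-Output "No VMware EAP install or service found on $($result.ComputerName)."
    exit 0
}
```

Run it once per workstation (for example through Invoke-Command against a list of hosts) and keep the hosts that exit with 1 as the work list for the KB removal procedure; re-run it afterwards to confirm both the product entry and the service are gone, since the advisory calls for removing both.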

Additional Resources

https://www.vmware.com/security/advisories/VMSA-2024-0003.html

https://nvd.nist.gov/vuln/detail/CVE-2024-22245

https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-remove-deprecated-vulnerable-auth-plug-in/