This advisory is for organizations that use the VMware Enhanced Authentication Plug-in (EAP) on client workstations to log in to vSphere's management interface. This plugin is not installed by default.
Summary
VMware has reported a critical vulnerability in EAP that could allow an attacker to target a domain user who has EAP installed in their web browser, relay that user's Kerberos service tickets, and seize control of privileged EAP sessions.
CVE-2024-22245 - Authentication Relay Vulnerability
CVSSv3: 9.6
Affected Platforms
VMware Enhanced Authentication Plug-in (EAP)
Mitigations
EAP was deprecated in March 2021 with the launch of vCenter Server 7.0 Update 2. VMware is not patching this vulnerability; instead it advises users to remove the browser plugin and its Windows service by following the step-by-step process outlined at: https://kb.vmware.com/s/article/96442
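Because the only fix is removal, the first task for defenders is finding which workstations still have EAP. The PowerShell below is an added example, not from the advisory or from VMware; it assumes the product's Uninstall registry entry contains "Enhanced Authentication Plug-in" and that the accompanying service's display name contains "VMware Plug-in" (both name patterns are assumptions to confirm against one known install).

```powershell
# Added example (not VMware's code): inventory a Windows workstation for the
# deprecated VMware Enhanced Authentication Plug-in before removing it per KB 96442.
# Assumptions: the Uninstall entry's DisplayName contains "Enhanced Authentication
# Plug-in" and the service's DisplayName contains "VMware Plug-in".

function Get-VmwareEapInstall {
    [CmdletBinding()]
    param()

    # Both 64-bit and 32-bit (WOW6432Node) installer registrations are checked.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    # Installed products: match on the product display name (assumed pattern).
    $products = foreach ($root in $uninstallRoots) {
        if (Test-Path $root) {
            Get-ChildItem $root | ForEach-Object { Get-ItemProperty $_.PSPath } |
                Where-Object { $_.DisplayName -like '*Enhanced Authentication Plug-in*' } |
                Select-Object DisplayName, DisplayVersion, UninstallString
        }
    }

    # Companion Windows service: match on service display name (assumed pattern).
    $services = Get-Service |
        Where-Object { $_.DisplayName -like '*VMware Plug-in*' } |
        Select-Object Name, DisplayName, Status

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Products     = @($products)
        Services     = @($services)
        EapPresent   = (@($products).Count -gt 0) -or (@($services).Count -gt 0)
    }
}

# Run locally and emit a one-line verdict suitable for fleet-wide collection.
$result = Get-VmwareEapInstall
if ($result.EapPresent) {
    Write-Output "$($result.ComputerName): EAP FOUND - remove per KB 96442"
    $result.Products | Format-Table -AutoSize
    $result.Services | Format-Table -AutoSize
} else {
    Write-Output "$($result.ComputerName): EAP not detected"
}
```

Run it through your endpoint management tool or `Invoke-Command` across the workstation fleet and collect the `EapPresent` verdicts; any host reporting a product or service match goes on the removal list.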
Additional Resources
https://www.vmware.com/security/advisories/VMSA-2024-0003.html
https://nvd.nist.gov/vuln/detail/CVE-2024-22245
https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-remove-deprecated-vulnerable-auth-plug-in/