all InfoSec news
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
Help Net Security www.helpnetsecurity.com
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021. About the vulnerabilities (CVE-2024-22245, CVE-2024-22250) The EAP plugin is installed on client workstations to allow single sign-on (SSO) to vSphere’s management … More →
The post …
attackers attacks authentication cloud computing cve don't miss eap enterprise exploited hijack hot stuff hybrid cloud pen test partners plugin relay remove session session hijack uninstall virtualization vmware vmware vsphere vsphere vulnerabilities vulnerability vulnerable