all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

Add to bookmarks
Feb. 21, 2024, 12:52 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021. About the vulnerabilities (CVE-2024-22245, CVE-2024-22250) The EAP plugin is installed on client workstations to allow single sign-on (SSO) to vSphere’s management … More →


The post …

attackers attacks authentication cloud computing cve don't miss eap enterprise exploited hijack hot stuff hybrid cloud pen test partners plugin relay remove session session hijack uninstall virtualization vmware vmware vsphere vsphere vulnerabilities vulnerability vulnerable

Visit resource

More from www.helpnetsecurity.com / Help Net Security

McAfee and Intel collaborate to combat deepfakes with Deepfake Detector an hour ago | www.helpnetsecurity.com
advanced ai-powered consumers deepfake +16
Strategies for preventing AI misuse in cybersecurity 4 hours ago | www.helpnetsecurity.com
ai models ai tools analytics artificial intelligence +25
How to prepare for the CISSP exam: Tips from industry leaders 4 hours ago | www.helpnetsecurity.com
article certification certified ciso +24
Organizations go ahead with AI despite security risks 5 hours ago | www.helpnetsecurity.com
adoption ai adoption ai security amp +19
Privacy requests increased 246% in two years 5 hours ago | www.helpnetsecurity.com
access cybersecurity data data deletion +14
How MFA can improve your online security 6 hours ago | www.helpnetsecurity.com
access attacks authentication barr advisory +26
eBook: CISSP fundamentals in focus 6 hours ago | www.helpnetsecurity.com
access access control business career +22
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks 1 day, 1 hour ago | www.helpnetsecurity.com
alto articles attackers attacks +25
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 2 days, 18 hours ago | www.helpnetsecurity.com
android android apps app apps +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com
View more jobs