VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) – Help Net Security

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) – Help Net Security


VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks.

The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021.

About the vulnerabilities (CVE-2024-22245, CVE-2024-22250)

The EAP plugin is installed on client…



Source link