VMware issues no-patch advisory for critical flaw in old SSO plugin

VMware issues no-patch advisory for critical flaw in old SSO plugin


VMware issued a security advisory Tuesday warning users to uninstall the VMware Enhanced Authentication Plug-in (EAP) due to critical and high severity vulnerabilities.

The VMware EAP is a deprecated browser plugin that enables seamless single sign-on (SSO) to vSphere’s management interface from client workstations. It is an optional feature that stopped receiving support with the release of VMware vCenter Server 7.0.0u2 in March 2021.

A critical vulnerability in the VMWare EAP, tracked as…



Source link