VMWare Urges Users to Uninstall EAP Immediately

VMWare Urges Users to Uninstall EAP Immediately


VMware has issued a no-patch advisory urging users to take swift action by removing the deprecated Enhanced Authentication Plug-in (EAP). EAP was deprecated nearly three years ago, in March 2021, with the rollout of vCenter Server 7.0 Update 2. However, the discovery of an arbitrary authentication relay flaw in EAP, identified as CVE-2024-22245 with a significant CVSS score of 9.6, has sent shockwaves through the virtualization community.

The deprecated Enhanced Authentication Plugin (EAP),…



Source link