VMware has issued a no-patch advisory urging users to take swift action by removing the deprecated Enhanced Authentication Plug-in (EAP). EAP was deprecated nearly three years ago, in March 2021, with the rollout of vCenter Server 7.0 Update 2. However, the discovery of an arbitrary authentication relay flaw in EAP, identified as CVE-2024-22245 with a significant CVSS score of 9.6, has sent shockwaves through the virtualization community.
The deprecated Enhanced Authentication Plugin (EAP),…