VMware Warning: Uninstall EAP now


VMware is urging users to remove the outdated Enhanced Authentication Plugin (EAP) after discovering a critical security flaw.

Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.

“A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs),” the company said in its advisory.

EAP, discontinued as of March 2021, is a software package designed to enable direct login to vSphere management interfaces and tools via a web browser. It is not installed by default and is not part of vCenter Server, ESXi or Cloud Foundation.

The same plugin is also affected by a session hijacking flaw (CVE-2024-22250, CVSS score: 7.8), which could allow a malicious actor with unprivileged local access to a Windows operating system to take over a privileged EAP session.


Ceri Coburn of Pen Test Partners is credited with discovering and reporting the two vulnerabilities.

It’s worth pointing out that the shortcomings only affect users who added EAP to Microsoft Windows systems to connect to VMware vSphere via the vSphere Client.

The Broadcom-owned company said the vulnerabilities will not be addressed; instead, it recommends that users remove the plugin altogether to limit potential threats.

“The Enhanced Authentication Plugin can be removed from client systems using the client operating system’s method of uninstalling software,” it added.

The revelation comes after SonarSource disclosed multiple cross-site scripting (XSS) flaws (CVE-2024-21726) affecting the Joomla! content management system. The issue has been addressed in versions 5.0.3 and 4.4.3.

“Inadequate content filtering leads to XSS vulnerabilities in several components,” Joomla! said in its own advisory, rating the bug as moderate in severity.

“Attackers can exploit this issue to remotely execute code by tricking an administrator into clicking a malicious link,” said security researcher Stefan Schiller. Additional technical details about the flaw are currently under wraps.


In a related development, several high and critical severity vulnerabilities and misconfigurations have been identified in the Apex programming language developed by Salesforce to build business applications.

At the heart of the problem is the ability to run Apex code in “no sharing” mode, which ignores a user’s permissions, allowing malicious actors to read or exfiltrate data, and even provide specially crafted input to change the execution flow.

“If exploited, the vulnerabilities could lead to data breaches, data corruption, and damage to business functions in Salesforce,” Varonis security researcher Nitay Bachrach said.
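To make the Apex point concrete, here is an added illustration that is not from the article, from Varonis, or from Salesforce. The article’s “no sharing” mode is the Apex `without sharing` class modifier. The class and method names are hypothetical, and the two classes are shown side by side here although in an org each would live in its own class file.

```apex
// Added illustration (not from the article, Varonis, or Salesforce).
// Class and method names are hypothetical.

// Weak form: "without sharing" tells the platform to ignore the running
// user's record-level access, so any caller sees every Contact. Building the
// query by string concatenation also lets crafted input alter the query
// itself rather than just the search value.
public without sharing class ContactLookupWeak {
    @AuraEnabled
    public static List<Contact> search(String term) {
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }
}

// Hardened form: "with sharing" enforces the caller's sharing rules,
// WITH USER_MODE additionally enforces object- and field-level permissions,
// and the search term is passed as a bind variable so it is treated as a
// value and can never change the structure of the query.
public with sharing class ContactLookupSafe {
    @AuraEnabled
    public static List<Contact> search(String term) {
        String pattern = '%' + term + '%';
        List<Contact> results = [SELECT Id, Name, Email
                                 FROM Contact
                                 WHERE Name LIKE :pattern
                                 WITH USER_MODE];
        // Defense in depth: drop any fields the caller is not allowed to read
        // before the records leave the server.
        return Security.stripInaccessible(AccessType.READABLE, results).getRecords();
    }
}
```

When reviewing an org for this class of issue, the things to look for are exactly the two differences above: classes declared `without sharing` (or with no sharing keyword at all, which inherits the caller’s mode) that are reachable from user-facing entry points, and dynamic SOQL assembled from user input instead of bind variables.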
