VMware Alert: Uninstall EAP Now
Critical flaws endanger Active Directory

February 21, 2024

Article Summary

TLDR:

  • VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to a critical security flaw.
  • The flaw, CVE-2024-22245, allows arbitrary authentication relay, putting Active Directory at risk.

VMware has disclosed a critical security flaw in the deprecated Enhanced Authentication Plugin (EAP), tracked as CVE-2024-22245 with a CVSS score of 9.6. The vulnerability allows arbitrary authentication relay, which puts Active Directory at risk. EAP, deprecated since March 2021, is a software package that provides direct login to vSphere’s management interfaces through a web browser. A second flaw in the same tool, a session hijack issue tracked as CVE-2024-22250 (CVSS score: 7.8), was also found. Because EAP is no longer maintained, users are advised to uninstall the plugin rather than wait for a patch. Separately, SonarSource disclosed cross-site scripting flaws in Joomla! and vulnerabilities in Salesforce’s Apex programming language. These vulnerabilities underline the importance of software security and timely updates.
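Since the only fix is removal, the first step for a defender is finding every Windows workstation that still has EAP installed. The following audit script is an added example, not code from the article or from VMware; it assumes the plug-in registers under the standard Windows Uninstall keys with a DisplayName containing "Enhanced Authentication Plug" and that its companion service has "VMware Plug-in" in its display name (both name fragments are assumptions to adjust for your environment).

```powershell
# Added audit script (not from the article or VMware): report Add/Remove Programs entries
# for the deprecated VMware Enhanced Authentication Plug-in so it can be located and removed.
# Assumptions: DisplayName fragment and service-name fragment below are guesses, not verified values.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'   # per-user installs
)
$namePattern    = '*Enhanced Authentication Plug*'   # assumed DisplayName fragment
$servicePattern = '*VMware Plug-in*'                  # assumed service DisplayName fragment

function Get-VmwareEapInstall {
    # Walk every uninstall key; missing hives (e.g. no WOW6432Node on 32-bit) are ignored.
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $namePattern } |
            ForEach-Object {
                [pscustomobject]@{
                    ComputerName    = $env:COMPUTERNAME
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    UninstallString = $_.UninstallString
                    RegistryPath    = $_.PSPath
                }
            }
    }
}

$found = @(Get-VmwareEapInstall)
if ($found.Count -eq 0) {
    Write-Output "No VMware Enhanced Authentication Plug-in entry found on $env:COMPUTERNAME."
} else {
    $found | Format-Table -AutoSize
    # A leftover service is a second indicator that the plug-in (or its remnants) is present.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $servicePattern } |
        Select-Object Name, DisplayName, Status
    # Remediation: run the UninstallString shown above (MSI-based entries accept /qn for a
    # silent uninstall), reboot, then re-run this script to confirm both entry and service are gone.
}
```

Run it through your endpoint management tool or Invoke-Command across the fleet and keep the output as evidence that the removal the advisory calls for was actually completed.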
