In a recent advisory, VMware has sounded the alarm over a critical security flaw in its Enhanced Authentication Plugin (EAP), urging users to take immediate action by uninstalling the plugin. Rated with a CVSS severity score of 9.6 and tracked as CVE-2024-22245, the vulnerability exposes systems to arbitrary authentication relay attacks, potentially compromising Active Directory Service Principal Names (SPNs).
EAP, which has not been actively supported since March 2021, allows direct login from a web browser to vSphere management interfaces. Despite its deprecation, the discovery of this flaw, along with a session hijack vulnerability (CVE-2024-22250, CVSS score: 7.8), underscores the ongoing risk posed by outdated software components.
Ceri Coburn of Pen Test Partners first reported these vulnerabilities, highlighting the critical need for users to remove the plugin from their systems to protect against exploitation. VMware has clarified that the issues are confined to the EAP installed on Microsoft Windows systems and has opted not to patch the vulnerabilities, advising complete removal of the plugin instead.
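Because VMware's only mitigation is removal, the practical task for defenders is to find every Windows host where EAP is still present and take it off. The following PowerShell is an added example written for this article; it is not code from VMware, Pen Test Partners, or the advisory. It reads the standard per-machine Uninstall registry keys, reports any matching product, and on request runs its Windows Installer uninstaller. Two things are assumptions rather than facts from the advisory: that the product's DisplayName contains the string "Enhanced Authentication Plug", and that it was installed via Windows Installer so its UninstallString carries an MsiExec product code; check both against your own software inventory before relying on the script.

```powershell
# Added example (not VMware's or the advisory's code): inventory a Windows host
# for the VMware Enhanced Authentication Plugin (EAP) and optionally uninstall it.
# Run in an elevated PowerShell session.
#
# Assumptions to verify against your own inventory:
#   - the installed product's DisplayName contains "Enhanced Authentication Plug"
#   - the product is MSI-based, so UninstallString contains an MsiExec {GUID}

$NamePattern = 'Enhanced Authentication Plug'   # assumed match pattern, not from the advisory

# Per-machine uninstall registry views: native (64-bit) and WOW6432Node (32-bit apps).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-VMwareEap {
    # Returns one object per matching uninstall entry; returns nothing if EAP is absent.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -like "*$NamePattern*" } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSChildName
}

function Remove-VMwareEap {
    # Dry run by default: prints what would be executed. Pass -Execute to uninstall.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Execute)

    $found = Find-VMwareEap
    if (-not $found) {
        Write-Output "EAP not found in the uninstall registry on $env:COMPUTERNAME"
        return
    }

    foreach ($entry in $found) {
        # Pull the Windows Installer product code out of e.g. "MsiExec.exe /X{GUID}".
        if ($entry.UninstallString -match '\{[0-9A-Fa-f-]{36}\}') {
            $productCode = $Matches[0]
            $logPath = Join-Path $env:TEMP 'eap-uninstall.log'
            $msiArgs = "/x $productCode /qn /norestart /l*v `"$logPath`""
            if ($Execute -and $PSCmdlet.ShouldProcess($entry.DisplayName, "msiexec.exe $msiArgs")) {
                $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
                Write-Output "Uninstall of '$($entry.DisplayName)' exited with code $($proc.ExitCode)"
            } else {
                Write-Output "Would run: msiexec.exe $msiArgs   (dry run; add -Execute to proceed)"
            }
        } else {
            # Not an MSI entry: surface it so an operator can handle it manually.
            Write-Warning "Non-MSI uninstall string for '$($entry.DisplayName)': $($entry.UninstallString)"
        }
    }
}

# Usage: inventory first, then dry-run, then remove.
Find-VMwareEap | Format-Table -AutoSize
Remove-VMwareEap             # dry run
# Remove-VMwareEap -Execute  # performs the uninstall
```

Run `Find-VMwareEap` across the estate (for example through `Invoke-Command` against a list of workstations) to build the list of affected hosts before removing anything; a `msiexec` exit code of 3010 means the uninstall succeeded but a reboot is pending. Because the plugin installs on administrators' Windows workstations rather than on vCenter itself, the scan should cover the machines used to reach vSphere, not only the servers.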
This advisory comes amidst broader cybersecurity concerns, including newly disclosed XSS vulnerabilities in the Joomla! content management system and significant security gaps in Salesforce's Apex programming language. These developments are a stark reminder of the ever-evolving threat landscape and of the importance of maintaining rigorous security practices.
As the digital community navigates these challenges, the response from VMware emphasizes the critical nature of proactive cybersecurity measures to safeguard sensitive information and infrastructure.