VMware Urges Users to Uninstall EAP Immediately


Rohan Timalsina

March 6, 2024 - TuxCare expert team

VMware has issued a no-patch advisory urging users to take swift action by removing the deprecated Enhanced Authentication Plug-in (EAP). EAP was deprecated nearly three years ago, in March 2021, with the rollout of vCenter Server 7.0 Update 2. However, the discovery of an arbitrary authentication relay flaw in EAP, identified as CVE-2024-22245 with a significant CVSS score of 9.6, has sent shockwaves through the virtualization community.

The deprecated Enhanced Authentication Plug-in (EAP), once a stalwart component facilitating seamless login to vSphere management interfaces, now stands as a potential gateway for threat actors. VMware's warning underscores the gravity of the situation: a malicious actor could exploit this vulnerability to trick domain users who have EAP installed in their web browsers into unwittingly relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

The implications of CVE-2024-22245 extend beyond mere inconvenience. They strike at the heart of virtual infrastructure security, underscoring the imperative for proactive measures. Ceri Coburn from Pen Test Partners, who responsibly reported these vulnerabilities, has shed light on the severity of the situation.

VMware has also discovered a session hijack vulnerability, CVE-2024-22250, with a CVSS score of 7.8. This vulnerability allows a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session, which further underscores the multifaceted nature of the threat landscape.


Mitigation Measures


In light of these vulnerabilities, users are urged to prioritize one security measure: uninstalling the deprecated Enhanced Authentication Plug-in (EAP). To mitigate CVE-2024-22245 and CVE-2024-22250, administrators must uninstall both the in-browser plugin/client (VMware Enhanced Authentication Plug-in 6.7.0) and the Windows service (VMware Plug-in Service).
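
As an added example (not part of the original article or of VMware's advisory), the PowerShell script below audits a Windows host for the two components named above and, when run with -Remove, uninstalls the MSI-registered entries it finds. Matching on the display names given in the article, and on a binary path containing "Plug-in Service", is an assumption about how the components register themselves.

```powershell
# Added example: audit a Windows host for the two EAP components.
# Run elevated. Display-name patterns are taken from the article; treating them
# as the registered names is an assumption.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$patterns = 'VMware Enhanced Authentication Plug-in*', 'VMware Plug-in Service*'

# Installed-program entries live in both the 64-bit and 32-bit registry views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($patterns | Where-Object { $name -like $_ })
    } |
    Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString

# Also look for a leftover service in case the program entry is gone but the
# service remains (the path pattern is an assumption).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like 'VMware*Plug-in*' -or
                   $_.PathName   -like '*Plug-in Service*' } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# One report object per host, suitable for Export-Csv or ConvertTo-Json.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Programs     = @($found)
    Services     = @($services)
    Affected     = [bool]($found -or $services)
}

if ($Remove) {
    foreach ($p in $found) {
        # MSI-installed products use their product code (a GUID) as the key name.
        if ($p.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' -and
            $PSCmdlet.ShouldProcess($p.DisplayName, 'Uninstall')) {
            Start-Process msiexec.exe -Wait `
                -ArgumentList "/x $($p.PSChildName) /qn /norestart"
        }
    }
}
```

Run it once without -Remove to inventory hosts, then with -Remove -WhatIf to preview the uninstall, and re-run the audit afterwards to confirm that both Programs and Services come back empty.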

Instead of this vulnerable authentication plugin, VMware suggests administrators utilize other authentication methods available in VMware vSphere 8, such as Active Directory over LDAPS, Microsoft Active Directory Federation Services (ADFS), Okta, and Microsoft Entra ID (formerly Azure AD).


The sources for this article include a story from BleepingComputer.
