Admins Urged to Uninstall VMware EAP Amid Critical Flaws

VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attacks targeting the VMware Enhanced Authentication Plug-in (EAP) within Windows domain environments.

Threat Level – Red | Vulnerability Report