VMware issues warning on CVE-2024-22245 and CVE-2024-22250

esteria.white

In a recent security advisory, VMware urgently recommended the removal of the Enhanced Authentication Plug-in (EAP) due to the discovery of critical vulnerabilities named CVE-2024-22245 and CVE-2024-22250.

The outdated EAP, which provided Windows authentication and Windows smart card support for vSphere, has been identified as carrying two vulnerabilities, one of which is rated critical.

The decision to deprecate EAP was made by VMware in March 2021, and users are now advised to disable it immediately. The critical vulnerability, identified as CVE-2024-22245 with a CVSS score of 9.6, poses a risk to users.

Decoding CVE-2024-22245 and CVE-2024-22250 vulnerabilities

CVE-2024-22245 has been classified as an arbitrary authentication relay bug, which could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).


Additionally, the second vulnerability, tracked as CVE-2024-22250 and scored 7.8 on the CVSS scale, has been identified as a session hijacking vulnerability. However, it can only be exploited by an attacker with unprivileged local access to a Windows operating system.


According to VMware, a malicious actor with such access can hijack a privileged EAP session initiated by a privileged domain user on the same system.

These critical vulnerabilities were discovered and reported by Ceri Coburn of Penetration Testing Partners, emphasizing the importance of cybersecurity best practices and continuous monitoring of potential threats.

VMware Vulnerability Advisories

VMware has clarified that EAP will not be patched due to the inherent risks associated with its use. Organizations that choose to keep using EAP would have to work around security features in their modern web browsers, a practice that is strongly discouraged.

In light of these vulnerabilities, users are encouraged to move to alternative authentication methods, including Active Directory over LDAPS, Active Directory Federation Services, Okta, and Microsoft Entra ID.
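Because the advice is removal rather than patching, the first practical step is finding where the plug-in is still installed. The PowerShell below is an added example, not VMware's or the original article's code; it assumes the plug-in registers a machine-wide uninstall entry whose display name contains "Enhanced Authentication Plug-in", so confirm the exact product names against VMware's advisory before relying on a clean result.

```powershell
# Added example: inventory check for the deprecated plug-in on a Windows host.
# Assumption: the installer writes an uninstall entry whose DisplayName
# contains the product name used in this article.
$pattern = '*Enhanced Authentication Plug-in*'

# Machine-wide uninstall entries live in two registry views:
# the native (64-bit) view and the 32-bit WOW6432Node view.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = foreach ($root in $uninstallRoots) {
    # Missing hives (for example WOW6432Node on 32-bit hosts) are skipped quietly.
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object {
            # Many uninstall keys have no DisplayName at all; ignore those.
            $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like $pattern
        } |
        ForEach-Object {
            # One flat object per hit, suitable for Export-Csv in a fleet sweep.
            [pscustomobject]@{
                ComputerName    = $env:COMPUTERNAME
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Publisher       = $_.Publisher
                UninstallString = $_.UninstallString
                RegistryKey     = $_.PSPath
            }
        }
}

if ($findings) {
    Write-Warning "EAP appears to be installed on $env:COMPUTERNAME; schedule removal."
    $findings
} else {
    Write-Output "No matching uninstall entry found on $env:COMPUTERNAME."
}
```

The script only reads the registry; it does not uninstall anything, and it does not cover per-user installs under HKCU.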

Both CVE-2024-22245 and CVE-2024-22250 threaten the security of individuals and highlight how crucial it is to address security vulnerabilities quickly to mitigate potential risks.

For more information and guidance, users can refer to the National Vulnerability Database (NVD) and official VMware security advisories.
