Attention VMware users! A critical security flaw discovered in the Enhanced Authentication Plugin (EAP) poses a significant threat to your data and systems. This obsolete plugin, no longer supported by VMware, retains vulnerabilities that could allow attackers to gain unauthorized access and hijack privileged sessions. Immediate action is needed to reduce these risks.
What is the EAP plugin?
The EAP plugin, once used to simplify login to the vSphere management interface, has been discontinued as of March 2021 due to security concerns and incompatibility with modern authentication standards. However, some organizations may still have it installed on their systems.
What are the vulnerabilities?
Two critical vulnerabilities have been identified in the EAP plugin:
- CVE-2024-22245 (Arbitrary Authentication Relay): This vulnerability allows attackers to trick users into requesting and relaying service tickets for unauthorized purposes. This could grant them access to sensitive resources and systems.
- CVE-2024-22250 (Session Hijack): This vulnerability allows attackers with local access to a system to hijack a privileged EAP session initiated by another user. This could grant them elevated privileges and complete control over the system.
Why is this important?
These vulnerabilities carry a high severity rating, indicating a significant risk to system security. By exploiting these vulnerabilities, attackers could gain access to confidential data, disrupt operations, and compromise sensitive systems.
What should you do?
VMware strongly recommends uninstalling the EAP plugin immediately. No patch will be released because the plugin is obsolete, so removal is the only remediation. Follow these steps to uninstall the EAP plugin:
- Windows:
  - Go to “Control Panel” > “Programs and Features”.
  - Select “VMware Enhanced Authentication Plugin” and click “Uninstall”.
- macOS:
  - Open “Finder” and go to “Applications”.
  - Drag the “VMware Enhanced Authentication Plugin” icon to the Trash.
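The manual steps above cover one workstation at a time. For a fleet, an administrator would rather audit every Windows host for the plugin and remove it unattended. The following PowerShell script is an added example, not part of this advisory and not VMware's own tooling; it assumes the plugin registers under the standard Uninstall registry keys with a DisplayName containing "Enhanced Authentication Plugin" and that it is MSI-based, so its registry key name is the MSI product code. Without the `-Remove` switch it only reports what it finds.

```powershell
# Added example (not from the original advisory or from VMware): audit a Windows host for the
# VMware Enhanced Authentication Plugin and, optionally, remove it silently via msiexec.
# Assumptions: the plugin appears under the standard Uninstall registry keys with a DisplayName
# containing "Enhanced Authentication Plugin" and is MSI-based (key name = product code GUID).
# Run from an elevated PowerShell prompt; without -Remove the script only reports.

[CmdletBinding()]
param(
    [switch]$Remove
)

# Check both the 64-bit and the 32-bit (WOW6432Node) uninstall hives, since a 32-bit MSI
# registers under the latter on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$eapEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Enhanced Authentication Plugin*' }

if (-not $eapEntries) {
    Write-Output "EAP not found on $env:COMPUTERNAME"
    return
}

foreach ($entry in $eapEntries) {
    Write-Output ("Found: {0} {1} (registry key {2})" -f `
        $entry.DisplayName, $entry.DisplayVersion, $entry.PSChildName)

    if (-not $Remove) { continue }

    # Only attempt an MSI uninstall when the key name is a product-code GUID; otherwise
    # fall back to showing the recorded uninstall command for manual review.
    if ($entry.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$') {
        $logPath = Join-Path $env:TEMP 'eap-uninstall.log'
        $msiArgs = "/x $($entry.PSChildName) /qn /norestart /l*v `"$logPath`""
        $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
        # Exit code 0 means success; 3010 means success but a reboot is pending.
        Write-Output ("msiexec exit code: {0} (log: {1})" -f $proc.ExitCode, $logPath)
    } else {
        Write-Output ("Not an MSI product code; recorded uninstall command: {0}" -f $entry.UninstallString)
    }
}
```

Run it once without `-Remove` across your endpoint-management tool to inventory affected hosts, then again with `-Remove` to uninstall. Because the plugin is not patched, the only state to verify afterwards is that no host still reports a match.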
Additional resources:
- VMware Security Advisory VMSA-2024-0003: https://www.vmware.com/security/advisories/VMSA-2024-0003.html
- Knowledge Base Article, Removing the deprecated VMware Enhanced Authentication Plugin (EAP): https://kb.vmware.com/s/article/96442
Stay informed
- Regularly check for security updates from VMware.
- Follow VMware’s social media channels and blog for security announcements.
- Subscribe to email alerts from VMware for critical security updates.
By taking immediate action to uninstall the EAP plugin, you can significantly reduce the risk of attacks and protect your valuable data and systems.