8 matches found

RedhatCVE
added 2025/02/04 11:51 p.m., 6 views

CVE-2024-22245

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 9.6, AI score 7.3, EPSS 0.01262
Exploits: 0, References: 1
VMware
added 2024/05/07 12:0 a.m., 32 views

VMSA-2024-0003: Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)

Advisory ID: | VMSA-2024-0003
---|---
CVSSv3 Range: | 9.6 - 7.8
Issue Date: | 2024-02-20
Updated On: | 2024-02-20 Initial Advisory
CVEs: | CVE-2024-22245, CVE-2024-22250
Synopsis: | Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...

CVSS 9.6, AI score 8.8, EPSS 0.01262
Exploits: 0, References: 17, Affected Software: 1
F5 Networks
added 2024/05/02 11:29 a.m., 35 views

K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250

Security Advisory Description: CVE-2024-22245: Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...

CVSS 9.6, AI score 8.6, EPSS 0.01262
Exploits: 0
Pen Test Partners Blog
added 2024/02/21 6:50 a.m., 34 views

No fix KrbRelay VMware style

TL;DR: The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...

CVSS 9.6, AI score 7.2, EPSS 0.01262
Exploits: 0
The Hacker News
added 2024/02/21 5:34 a.m., 44 views

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...

CVSS 9.8, AI score 10, EPSS 0.48839
Exploits: 1
Circl
added 2024/02/20 7:27 p.m., 4 views

CVE-2024-22245

creationtimestamp | type | source
---|---|---
2024-02-20 19:27:17+00:00 | seen | https://t.me/ctinow/188847
2024-02-20 19:32:04+00:00 | seen | https://t.me/ctinow/188863
2024-02-21 06:38:32+00:00 | seen | https://t.me/thehackernews/4578
2024-02-21 07:22:31+00:00 | seen | https://t.me/KomunitiSiber/1522...

CVSS 9.6, AI score 7.5, EPSS 0.01262
Exploits: 0, References: 8
NVD
added 2024/02/20 6:15 p.m., 12 views

CVE-2024-22245

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

CVSS 9.6, AI score 9.6, EPSS 0.01262
Exploits: 0, References: 1
CVE
added 2024/02/20 5:35 p.m., 118 views

CVE-2024-22245

CVE-2024-22245 describes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug‑in (EAP). The issue allows a user’s browser to be coerced into requesting and relaying Kerberos service tickets for arbitrary SPNs, enabling credential ...

CVSS 9.6, AI score 9.6, EPSS 0.01262
Exploits: 0, References: 1