8 matches found
CVE-2024-22245
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
VMSA-2024-0003: Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)
Advisory ID: | VMSA-2024-0003
---|---
CVSSv3 Range: | 9.6 - 7.8
Issue Date: | 2024-02-20
Updated On: | 2024-02-20 Initial Advisory
CVEs: | CVE-2024-22245, CVE-2024-22250
Synopsis: | Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced...
K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...
No fix KrbRelay VMware style
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a...
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...
CVE-2024-22245
creationtimestamp | type | source
---|---|---
2024-02-20 19:27:17+00:00 | seen | https://t.me/ctinow/188847
2024-02-20 19:32:04+00:00 | seen | https://t.me/ctinow/188863
2024-02-21 06:38:32+00:00 | seen | https://t.me/thehackernews/4578
2024-02-21 07:22:31+00:00 | seen | https://t.me/KomunitiSiber/1522...
CVE-2024-22245
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVE-2024-22245
CVE-2024-22245 describes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug‑in (EAP). The issue allows a user’s browser to be coerced into requesting and relaying Kerberos service tickets for arbitrary SPNs, enabling credential ...