Published: February 22, 2024


CVE-2024-22245 (CVSS Base Score: 9.6) includes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP).


EAP could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs) resulting in bypassing authentication mechanisms and hijacking user sessions. 

Applicable Versions

Affected VersionNot Affected Version
Any Enhanced Authentication Plug-inNil

Mitigations and Workarounds

The EAP is composed of two components namely In-browser plugin/client, “VMware Enhanced Authentication Plug-in 6.7.0” and ​​​​​​Windows service, “VMware Plug-in Service”. To mitigate the vulnerabilities, administrators must remove the EAP plugin and the service. VMware has published the instructions in KB96442 to address CVE-2024-22245.

Best Practices

EAP was deprecated in 2021. Remove the unsupported or deprecated products from your environment. 

Netsurion Detection and Response

Netsurion’s vulnerability management system is collaborating with the vendors to update the vulnerability scanners to detect for customers who have subscribed to Netsurion Vulnerability Management.