Published: February 22, 2024
Overview
CVE-2024-22245 (CVSS Base Score: 9.6) includes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP).
Impact
EAP could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs) resulting in bypassing authentication mechanisms and hijacking user sessions.
Applicable Versions
| Affected Version | Not Affected Version |
|---|---|
| Any Enhanced Authentication Plug-in | Nil |
Mitigations and Workarounds
The EAP is composed of two components: an in-browser plug-in/client, “VMware Enhanced Authentication Plug-in 6.7.0”, and a Windows service, “VMware Plug-in Service”. To mitigate the vulnerabilities, administrators must remove both the EAP plug-in and the service. VMware has published the removal instructions in KB96442 to address CVE-2024-22245.
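The following PowerShell check is an added example, not part of this advisory or of VMware's KB96442; it inventories a Windows host for the two EAP components named above so administrators can confirm which machines still need the removal applied. The display-name patterns are assumptions taken from the component names quoted in the advisory, and the uninstall registry paths are the standard Windows locations.

```powershell
# Added example (not from the advisory or VMware): report whether the EAP browser
# plug-in and/or the "VMware Plug-in Service" are present on this host.
# Display-name patterns below are assumptions derived from the advisory text.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'   # per-user installs
)

function Get-EapInstallState {
    # Installed-program entries whose DisplayName matches the EAP plug-in/client
    $plugins = foreach ($root in $uninstallRoots) {
        if (Test-Path $root) {
            Get-ChildItem $root -ErrorAction SilentlyContinue |
                ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
                Where-Object { $_.DisplayName -like 'VMware Enhanced Authentication Plug-in*' } |
                Select-Object DisplayName, DisplayVersion, UninstallString
        }
    }
    # The Windows service half of EAP, matched on its display name
    $service = Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'VMware Plug-in Service*' } |
        Select-Object Name, DisplayName, Status

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        PluginFound  = @($plugins).Count -gt 0
        Plugins      = @($plugins)
        ServiceFound = @($service).Count -gt 0
        Service      = @($service)
        # Either component left behind means the mitigation is incomplete
        Incomplete   = (@($plugins).Count -gt 0) -or (@($service).Count -gt 0)
    }
}

$state = Get-EapInstallState
$state | Format-List ComputerName, PluginFound, ServiceFound, Incomplete
if ($state.Incomplete) {
    foreach ($p in $state.Plugins) {
        Write-Output "Uninstall entry: $($p.DisplayName) $($p.DisplayVersion) -> $($p.UninstallString)"
    }
    foreach ($s in $state.Service) {
        Write-Output "Service present: $($s.Name) ($($s.DisplayName)) status $($s.Status)"
    }
    Write-Warning "EAP components remain on $($state.ComputerName); remove them following VMware KB96442."
    exit 1
}
```

Run it under an account that can read HKLM, or wrap `Get-EapInstallState` in `Invoke-Command` to sweep a fleet; a non-zero exit marks hosts where removal is still outstanding.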
Best Practices
EAP was deprecated in 2021. Remove unsupported or deprecated products such as this one from your environment.
Netsurion Detection and Response
Netsurion’s vulnerability management team is working with the scanner vendors to update vulnerability scanners so that this vulnerability is detected for customers who have subscribed to Netsurion Vulnerability Management.
References: