VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
The vulnerable VMware Enhanced Authentication Plug-in enables seamless login to vSphere's management interfaces via integrated Windows Authentication and Windows-based smart card functionality on Windows client systems.
VMware announced EAP's deprecation almost three years ago, in March 2021, with the release of vCenter Server 7.0 Update 2.
Tracked as CVE-2024-22245 and CVE-2024-22250, the two security flaws patched today can be used by malicious attackers to relay Kerberos service tickets and take over privileged EAP sessions.
The company added that it currently has no evidence that the security vulnerabilities have been targeted or exploited in the wild.
Luckily, the deprecated VMware EAP is not installed by default and is not a part of VMware's vCenter Server, ESXi, or Cloud Foundation products.
Admins have to manually install it on Windows workstations used for administration tasks to enable direct login when using the VMware vSphere Client through a web browser.
As an alternative to this vulnerable auth plug-in, VMware advises admins to use other VMware vSphere 8 authentication methods such as Active Directory over LDAPS, Microsoft Active Directory Federation Services, Okta, and Microsoft Entra ID. Last month, VMware also confirmed that a critical vCenter Server remote code execution vulnerability patched in October was under active exploitation.
VMware confirms critical vCenter flaw now exploited in attacks.
ConnectWise urges ScreenConnect admins to patch critical RCE flaw.
Over 28,500 Exchange servers vulnerable to actively exploited bug.
Hackers exploit critical RCE flaw in Bricks WordPress site builder.
SolarWinds fixes critical RCE bugs in access rights audit solution.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 20 Feb 2024 21:00:12 +0000