
Critical Vulnerability in Deprecated VMware EAP - 20240221001

Overview

The VMware Enhanced Authentication Plug-in (EAP) contains an Arbitrary Authentication Relay vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.6. There are no workarounds; if the plug-in is installed, it should be removed immediately.

A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
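As an added example (not part of the WA SOC advisory and not a VMware tool), the following PowerShell check lists any copy of the plug-in registered in the Windows installed-programs registry and, when run with -Remove, invokes the registered MSI uninstaller. It assumes a Windows endpoint with the standard Uninstall registry hives; the "VMware Plug-in Service" name is an assumption drawn from the vendor's removal guidance and is not stated on this page.

```powershell
# Added example, not from the WA SOC advisory or VMware.
# Searches both 64-bit and 32-bit installed-programs hives for the
# VMware Enhanced Authentication Plug-in and, with -Remove, runs the
# registered MSI uninstaller quietly. "VMware Plug-in Service" is an
# assumed companion entry; drop it from $targets if it does not apply.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove
)

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$targets = @('VMware Enhanced Authentication Plug-in*', 'VMware Plug-in Service*')

$found = foreach ($root in $uninstallRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($targets | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, UninstallString, PSPath
}

if (-not $found) {
    Write-Output "EAP not found in installed programs on $env:COMPUTERNAME."
    return
}

# Report what is installed (feed this into asset inventory / ticketing).
$found | Format-Table DisplayName, DisplayVersion -AutoSize

if ($Remove) {
    foreach ($entry in $found) {
        # MSI-based entries are keyed by product code {GUID}; uninstall
        # quietly with msiexec. Anything else is left for manual removal.
        $productCode = Split-Path -Leaf $entry.PSPath
        if ($productCode -match '^\{[0-9A-Fa-f-]{36}\}$') {
            if ($PSCmdlet.ShouldProcess($entry.DisplayName, 'msiexec /x')) {
                Start-Process msiexec.exe -ArgumentList "/x $productCode /qn /norestart" -Wait
            }
        } else {
            Write-Warning "$($entry.DisplayName): non-MSI uninstaller, run manually: $($entry.UninstallString)"
        }
    }
}
```

Run without -Remove first to confirm what would be touched; -Remove -WhatIf shows the uninstall actions without performing them.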

What is vulnerable?

Product(s) Affected: VMware Enhanced Authentication Plug-in (EAP) - Any version
Summary: Component is deprecated and should be removed
Severity: Critical
CVSS: 9.6

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):

Additional References