9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
VMware encourages administrators to remove an authentication plug-in as soon as possible. The plugin has not been supported for three years. The virtualization specialist VMware reports two vulnerabilities
VMware encourages administrators to remove an authentication plug-in as soon as possible. The plugin has not been supported for three years.
The virtualization specialist VMware reports two vulnerabilities in vCenter Server, CVE-2024-22245 and CVE-2024-22250. The two vulnerabilities are due to the same plugin, namely this Advanced Authentication Plugin (EAP) to log in to the management console. VMware itself stopped supporting the plug-in three years ago, but that’s no guarantee that it will no longer be used.
Since the plugin had to be installed manually, it also needs to be removed manually. VMware expects the vulnerabilities to be relatively limited in scope, precisely because the plug-in is not integrated into vCenter Server by default. But that doesn’t mean there isn’t reason for caution: an attacker could try to trick an employee who has added the plug-in to their web browser into passing service tickets and hijacking the user session.
According to VMware, there is currently no evidence that the vulnerabilities are being actively exploited, but they do not want to wait until that happens. The company recommends updating vCenter Server to the latest version to install patches and also recommends uninstalling the plugin. To do this you need both the plug-in (VMware Enhanced Authentication Plugin 6.7.0) as a supporting Windows service (VMware Plug-in Service).
This can be done by running the following PowerShell scripts or through the control panel of the endpoint where the plugin is installed.
(Get-WmiObject -Class Win32_Product | Where-Object{$_.Name.StartsWith(“VMware Enhanced Authentication Plug-in”)}).Uninstall()
(Get-WmiObject -Class Win32_Product | Where-Object{$_.Name.StartsWith(“VMware Plug-in Service”)}).Uninstall()
A security flaw that VMware reported last month could affect more users. A flaw in Aria Automation, used to operate infrastructure in VMware Cloud Foundation, if successfully exploited, allows attackers to gain unauthorized remote access to workflows. You can find more information about how to fix this error here.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
