From gbhackers.com
VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.
The Enhanced Authentication Plugin (EAP), which provided seamless login capabilities to vSphere’s management interfaces, is susceptible to authentication relay and session hijack attacks due to two unpatched security vulnerabilities.