VMware Urges To Remove Enhanced EAP Plugin To Stop Auth & Session Hijack Attacks

From gbhackers.com

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.

The Enhanced Authentication Plugin (EAP), which provided seamless login capabilities to vSphere’s management interfaces, is susceptible to authentication relay and session hijack attacks due to two unpatched security vulnerabilities.

Read more…