Authentication bypass by capture-replay in Enhanced Authentication Plug-in (EAP) - CVE-2024-22245

 


Published: February 20, 2024 / Updated: September 4, 2024


Vulnerability identifier: #VU86653
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-22245
CWE-ID: CWE-294
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Enhanced Authentication Plug-in (EAP)
Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an arbitrary authentication relay issue. A remote attacker can trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).


Remediation

This plugin is no longer supported and will not receive any security updates. It is recommended to remove it from your systems.
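
To find systems where the plug-in is still present before removing it, the following inventory check can be run on each host. It is an added example, not vendor-supplied code. It assumes a Windows endpoint and that the installer registers an Uninstall entry whose DisplayName contains the product name given in this advisory; the function name Find-EapInstall is hypothetical.

```powershell
# Added example: inventory check for the plug-in named in this advisory.
# Assumption: the installed package's DisplayName contains the product name
# "Enhanced Authentication Plug-in" as written on this page.
$NamePattern = '*Enhanced Authentication Plug-in*'

# Standard Windows locations that list installed software: 64-bit view,
# 32-bit view on 64-bit systems, and the current user's own installs.
# Per-user installs of other accounts are not covered by HKCU.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-EapInstall {
    param([string]$Pattern = $NamePattern)

    foreach ($root in $UninstallRoots) {
        # Missing hives or unreadable keys are skipped instead of aborting the scan.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $Pattern } |
            Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                          DisplayName,
                          DisplayVersion,
                          Publisher,
                          UninstallString,
                          @{ n = 'RegistryKey'; e = { $_.PSPath } }
    }
}

$found = @(Find-EapInstall)

if ($found.Count -eq 0) {
    Write-Output "No matching install found on $env:COMPUTERNAME"
}
else {
    # One record per matching entry; UninstallString shows how the package
    # registers its own removal, for review before uninstalling.
    $found | Format-List
}
```

An empty result only shows that no Uninstall entry matched the name pattern, so confirm the pattern against one host known to have the plug-in before relying on it fleet-wide.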
