Authentication bypass by capture-replay in Enhanced Authentication Plug-in (EAP) - CVE-2024-22245
Published: February 20, 2024 / Updated: September 4, 2024
Vulnerability identifier: #VU86653
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-22245
CWE-ID: CWE-294
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
Enhanced Authentication Plug-in (EAP)
Enhanced Authentication Plug-in (EAP)
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to arbitrary authentication relay issue. A remote attacker trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
How to mitigate CVE-2024-22245
This plugin is no longer supported and will not receive any security updates. It is recommended to remove it from your systems.