
Uninstalling EAP Now: A Critical Flaw Risks Active Directory

Newsroom | Active Directory / Vulnerability | February 21st, 2024

Following the discovery of a serious security flaw, VMware is advising users to remove the outdated Enhanced Authentication Plugin (EAP).

The vulnerability was identified as an arbitrary authentication relay bug and is tracked as CVE-2024-2245 (CVSS score: 9.6).

According to an advisory from the company, a malicious actor could use EAP installed in the target domain user’s web browser to request and relay service tickets for arbitrary Active Directory Service Principal Names (SPNs).

EAP, a software package that was discontinued in March 2021, is intended to enable direct web browser-based login to vSphere’s management interfaces and tools. It is not a part of vCenter Server, ESXi, or Cloud Foundation, and it is not included by default.

A session hijack flaw (CVE-2024-22250, CVSS score: 7.8) that could allow a malicious actor to take advantage of privileged EAP sessions has also been found in the same tool.


The twin vulnerabilities were found and reported by Ceri Coburn of Pen Test Partners.

It’s important to note that only users who have added EAP to Microsoft Windows systems and use the vSphere Client to connect to VMware are affected by the flaws.

The Broadcom-owned company advised users to completely remove the plugin in order to reduce any potential threats rather than addressing the vulnerabilities.

It continued, “Using the client operating system’s method of uninstalling software, the Enhanced Authentication Plugin can be removed from client systems.”

The disclosure follows SonarSource’s report of numerous cross-site scripting (XSS) flaws (CVE-2024-21726) affecting the Joomla! content management system. The issue has been addressed in versions 5.0.3 and 4.4.3.

Joomla! said in its own advisory that insufficient content filtering causes XSS vulnerabilities in various components, rating the bug’s severity as moderate.

By tricking an administrator into clicking on a malicious link, attackers can take advantage of the vulnerability, according to security researcher Stefan Schiller. Additional technical details about the flaw are currently being withheld.


In a related development, Salesforce’s Apex programming language, which is used to create business applications, has been found to have several high- and critical-severity vulnerabilities and misconfigurations.

The ability to run Apex code in “without sharing” mode, which disregards a user’s permissions and allows malicious actors to read, extract, and even provide specially crafted input to change the execution flow, is the root of the issue.

According to Nitay Bachrach, a security researcher at Varonis, the vulnerabilities in Salesforce can cause data leakage, data corruption, and harm to business operations if they are exploited.
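To make the “without sharing” issue described above concrete, here is an added illustration (not code from the article, Salesforce, or Varonis): a hypothetical Apex controller written the risky way, followed by the same controller hardened so that the caller’s record-level sharing and object/field permissions are enforced. The class and method names are assumptions for illustration.

```apex
// AccountSearchVulnerable.cls (constructed example)
// Runs in system context: "without sharing" ignores the calling user's
// record-level sharing rules, so the query can return accounts the caller
// is not entitled to see. Caller-supplied text is also concatenated into
// dynamic SOQL, letting crafted input alter the query that is executed.
public without sharing class AccountSearchVulnerable {
    @AuraEnabled
    public static List<Account> search(String name) {
        String soql = 'SELECT Id, Name, AnnualRevenue FROM Account '
                    + 'WHERE Name LIKE \'%' + name + '%\'';
        return Database.query(soql);
    }
}

// AccountSearchHardened.cls (constructed example)
// "with sharing" applies the caller's sharing rules; WITH USER_MODE
// enforces object- and field-level security for the running user; the
// bind variable keeps the filter value out of the query text entirely.
public with sharing class AccountSearchHardened {
    @AuraEnabled
    public static List<Account> search(String name) {
        String pattern = '%' + name + '%';
        return [SELECT Id, Name, AnnualRevenue
                FROM Account
                WHERE Name LIKE :pattern
                WITH USER_MODE];
    }
}
```

When reviewing an org for this class of issue, every `without sharing` declaration and every `Database.query` call built from user input is a candidate for the same treatment.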
