VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

February 21, 2024 at 01:15AM VMware has reported critical security flaws in the Enhanced Authentication Plugin (EAP), urging users to uninstall it. The vulnerability enables a malicious actor to manipulate service tickets and hijack sessions. Additionally, SonarSource disclosed cross-site scripting flaws in Joomla!. Salesforce’s Apex programming language also faces high-severity vulnerabilities. Users are advised to … Read more

VMware urges admins to remove deprecated, vulnerable auth plug-in

February 20, 2024 at 04:05PM VMware warns administrators to remove a deprecated authentication plugin due to security vulnerabilities, enabling attackers to hijack privileged sessions and relay Kerberos tickets. To address the flaws, uninstall the plugin and stop its associated Windows service using PowerShell commands. The company stated there is no evidence of exploitation, and advises … Read more