VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk


Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs), the company said in an advisory.
