No fix KrbRelay VMware style
Discription

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a malicious public website can communicate with the Enhanced Authentication Plugin (EAP) and request arbitrary Kerberos service tickets on behalf of the user visiting the malicious site. The second, and is logged under CVE-2024-22250, is a session hijack vulnerability where local users can request Kerberos tickets from other users during authentication to the VMware vSphere web console. Unfortunately, VMware have decided not to fix the issue as they deem the enhanced authentication plugin as no longer supported, even though the vSphere 7 product line that uses the plugin remains supported until April 2025. The general recommendation is to simply remove the enhanced authentication plugin from all client devices. The VMware advisory can be found here VMSA-2024-0003 (vmware.com) VMware Enhanced Authentication Plugin EAP can be installed by enterprises wishing to support seamless SSO experience when using the vCenter web administration console. When installed, the plugin registers a URL handler for the vmware-plugin:// scheme and a relaying service that enables support for handling multiuser scenarios. Figure 1. Enhanced Authentication Plugin offered during vCenter login During…Read More

Back to Main

Subscribe for the latest news: