Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2024-02-20T17:35:09.051Z
Updated: 2024-02-20T17:35:09.051Z
Reserved: 2024-01-08T18:43:03.535Z
Link: CVE-2024-22245
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-20T18:15:51.647
Modified: 2024-05-17T02:36:17.103
Link: CVE-2024-22245
JSON object: View
Redhat Information
No data.
CWE