Описание
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
EPSS
9.6 Critical
CVSS3
Дефекты
Связанные уязвимости
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
Уязвимость модуля расширенной аутентификации VMware Enhanced Authentication Plug-in (EAP), связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии
EPSS
9.6 Critical
CVSS3