CVE-2024-22245 - VMware EAP Improper Authentication Vulnerability

This advisory is for organizations that use the VMware Enhanced Authentication Plug-in (EAP) on client workstations to log in to vSphere's management interface. This plugin is not installed by default.

VMware has reported a critical vulnerability in the EAP which could allow an attacker to target a domain user with EAP installed in their web browser, relay Kerberos service tickets, and seize control of privileged EAP sessions.


CVE-2024-22245 - Authentication Relay Vulnerability

CVSSv3: 9.6


Affected Platforms

VMware Enhanced Authentication Plug-in (EAP)

The EAP was deprecated in March 2021 with the launch of vCenter Server 7.0 Update 2. VMware is not patching this vulnerability and is advising users to remove the browser plugin and Windows Service using the step-by-step process outlined at:
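A workstation inventory check, added here as an example and not part of VMware's guidance, that looks for the plug-in's installed-program entry and its Windows service so administrators can confirm which machines still need the removal procedure. The display-name patterns and registry locations are assumptions about how the product registers itself; VMware's own removal steps remain the authoritative procedure.

```powershell
# Added inventory check (not from the advisory): find the deprecated VMware
# Enhanced Authentication Plug-in on a Windows workstation prior to removal.
# ASSUMPTION: the product registers an uninstall entry and a Windows service
# whose display names contain the strings below; adjust patterns to your estate.
$namePatterns = @('*Enhanced Authentication*', '*VMware Plug-in*')

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Installed-program entries (the browser plug-in side of the EAP)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $dn = $_.DisplayName
        $dn -and ($namePatterns | Where-Object { $dn -like $_ })
    } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# Windows services (the service side of the EAP)
$services = Get-CimInstance Win32_Service -ErrorAction SilentlyContinue |
    Where-Object {
        $svc = $_
        $namePatterns | Where-Object { $svc.DisplayName -like $_ -or $svc.Name -like $_ }
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

if (-not $programs -and -not $services) {
    Write-Output "No Enhanced Authentication Plug-in artefacts found on $env:COMPUTERNAME"
} else {
    Write-Output "EAP artefacts found on $env:COMPUTERNAME (remove per VMware guidance):"
    $programs | Format-Table -AutoSize
    $services | Format-Table -AutoSize
}
```

Run it under an account with local administrator rights so both registry hives and the service list are readable; the output is only an inventory and makes no changes.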


Additional Resources