Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
Vulnerability Description
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
VMware Enhanced Authentication Plug-in 安全漏洞
Vulnerability Description
VMware Enhanced Authentication Plug-in是美国威睿(VMware)公司的VMware Horizon 客户端的一部分,用于提供额外的身份验证层,以增强对 VMware Horizon 虚拟桌面和应用程序的访问的安全性。 VMware Enhanced Authentication Plug-in存在安全漏洞,该漏洞源于存在任意身份验证中继和会话劫持漏洞,可能会允许恶意攻击者诱骗Web浏览器中安装了EAP的目标域用户请求和中继任意服务主体的服务票证名称。
CVSS Information
N/A
Vulnerability Type
N/A