VMware urges admins to remove deprecated, vulnerable auth plug-in By Sergiu Gatlan February 20, 2024 04:00 PM 0 VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere's management interfaces via integrated Windows Authentication and Windows-bas...