VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin
With growing urgency, VMware is strongly advising administrators to promptly uninstall an outdated, vulnerable vSphere authentication plugin rather than attempt patching it, therefore exposing their networks to potential authentication relay and dangerous session hijack attacks in the rather risky interim period. VMware recommends smoothly transitioning towards upgrading to vSphere 8’s more modern, secure access options before the deprecated plugin reaches official end-of-life while still concerningly leaving any remaining vSphere 7 installations vulnerably exposed until 2025 when ongoing support eventually concludes.
(Source: Help Net Security)
|