...
This article explains how to uninstall the Enhanced Authentication Plugin (EAP) to address CVE-2024-22245 and CVE-2024-22250. Details on these vulnerabilities are published in VMSA-2024-0003.
The EAP is composed of two (2) entities:

- In-browser plugin/client, "VMware Enhanced Authentication Plug-in 6.7.0"
- Windows service, "VMware Plug-in Service"

Broadcom recommends removal of both of these applications from endpoint systems to mitigate the vulnerabilities.

Domain administrators can use PowerShell to detect if the application is installed on a local system:

PowerShell - "VMware Enhanced Authentication Plug-in"

    # $null goes on the left so the comparison is a scalar test even when several products match
    if ($null -eq (Get-WmiObject -Class Win32_Product | Where-Object { $_.Name.StartsWith("VMware Enhanced Authentication Plug-in") })) {
        Write-Host "Not Vulnerable. VMware Enhanced Authentication Plug-in not installed." -ForegroundColor Green
    } else {
        Write-Host "Vulnerable. VMware Enhanced Authentication Plug-in was found to be installed on the system." -ForegroundColor Yellow
    }

PowerShell - "VMware Plug-in Service"

    # Same check for the Windows service package
    if ($null -eq (Get-WmiObject -Class Win32_Product | Where-Object { $_.Name.StartsWith("VMware Plug-in Service") })) {
        Write-Host "Not Vulnerable. VMware Plug-in Service not installed." -ForegroundColor Green
    } else {
        Write-Host "Vulnerable. VMware Plug-in Service was found to be installed on the system." -ForegroundColor Yellow
    }

Note: PowerShell has remote execution capabilities that allow domain administrators to invoke a given command on a remote system or a set of systems.
To learn more, visit Microsoft Learn - Microsoft.PowerShell.Core Invoke-Command

VMware Enhanced Authentication Plug-in 6.7.0

Default install path: C:\Program Files (x86)\VMware\Enhanced Authentication Plug-in 6.7\

To remove the in-browser plugin/client, perform one of the following options on the endpoint device:

Option 1 - From Control Panel

1. Open Control Panel
2. Browse for the installed application
3. Locate "VMware Enhanced Authentication Plug-in 6.7.0"
4. Right-click the application and uninstall

Option 2 - From the Installer

1. Run the original installer for "VMware Enhanced Authentication Plug-in 6.7.0"
2. In the installer wizard, select "uninstall"

Option 3 - PowerShell

Run the following PowerShell command:

    (Get-WmiObject -Class Win32_Product | Where-Object { $_.Name.StartsWith("VMware Enhanced Authentication Plug-in") }).Uninstall()

VMware Plug-in Service

Default install path: C:\Program Files (x86)\VMware\Plug-in Service\

This software is a Windows service:

- Service: CipMsgProxyService
- Display Name: VMware Cip Message Proxy Service
- Listening: TCP vmware-plugin:8094

To remove the Windows service, perform one of the following options on the endpoint device:

Option 1 - From Control Panel

1. Open Control Panel
2. Browse for the installed application
3. Locate "VMware Plug-in Service"
4. Right-click the application and uninstall

Option 2 - From the Installer

1. Run the original installer for "VMware Plug-in Service"
2. In the installer wizard, select "uninstall"

Option 3 - PowerShell

Run the following PowerShell command:

    (Get-WmiObject -Class Win32_Product | Where-Object { $_.Name.StartsWith("VMware Plug-in Service") }).Uninstall()

Stop and disable the Windows service if uninstallation is not possible at this time.
Option 1 - Batch/CMD

    sc stop CipMsgProxyService
    sc config CipMsgProxyService start= disabled

Option 2 - PowerShell

    Stop-Service -Name "CipMsgProxyService"
    Set-Service -Name "CipMsgProxyService" -StartupType "Disabled"

Note: If the service cannot be stopped or disabled, use a firewall to block inbound and outbound TCP traffic for vmware-plugin:8094.
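To confirm the result across several endpoints, the detection, service and port checks described above can be combined into one remote audit. This is an added example, not Broadcom's script: the computer names are constructed placeholders, PowerShell remoting is assumed to be enabled, and it assumes the product names also appear as DisplayName under the registry Uninstall keys (read here instead of Win32_Product, whose queries trigger an MSI consistency check on every installed package).

```powershell
# Added example: audit endpoints for EAP remnants after remediation.
# Computer names below are constructed placeholders.
$Computers = @('WS-EXAMPLE-01', 'WS-EXAMPLE-02')

$Audit = {
    # Product name prefixes taken from the article.
    $prefixes = 'VMware Enhanced Authentication Plug-in', 'VMware Plug-in Service'

    # Assumption: the MSI product name is also the DisplayName in the
    # Uninstall keys (native and 32-bit registry views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($prefixes | Where-Object { $name.StartsWith($_) })
        } |
        Select-Object -ExpandProperty DisplayName

    # Service name and port from the article: CipMsgProxyService, TCP 8094.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='CipMsgProxyService'" -ErrorAction SilentlyContinue
    $listener = Get-NetTCPConnection -LocalPort 8094 -State Listen `
        -ErrorAction SilentlyContinue

    # A host still needs work if a package remains, the service exists and is
    # running or can still start, or something is listening on 8094.
    $svcActive = $svc -and ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')

    [pscustomobject]@{
        InstalledProducts = @($installed) -join '; '
        ServiceState      = if ($svc) { $svc.State } else { 'NotPresent' }
        ServiceStartMode  = if ($svc) { $svc.StartMode } else { 'NotPresent' }
        Port8094Listening = [bool]$listener
        NeedsAction       = [bool]($installed -or $svcActive -or $listener)
    }
}

# Unreachable hosts produce an error record and do not stop the run.
Invoke-Command -ComputerName $Computers -ScriptBlock $Audit -ErrorAction Continue |
    Select-Object PSComputerName, InstalledProducts, ServiceState,
                  ServiceStartMode, Port8094Listening, NeedsAction |
    Format-Table -AutoSize
```

A host that was only mitigated by stopping and disabling the service still reports its package under InstalledProducts, which keeps it on the list for later uninstallation.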
To remove the "Use Windows Session Authentication" checkbox at the login page of the vCenter UI, follow the steps below:

1. SSH as root to the vCenter Server
2. Run the following command:

    sso-config.sh -set_authn_policy -winAuthn false -t vsphere.local

Note: Replace vsphere.local as appropriate for the environment.