Dark Reading

Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking

VMware is urging network administrators to remove an out-of-date plug-in for its VSphere, which has two flaws — one of them critical — that can allow attackers with access to a Windows client system ...
Bleeping Computer

VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left ...