{"id":1160190,"date":"2024-02-21T23:37:26","date_gmt":"2024-02-22T01:37:26","guid":{"rendered":"https:\/\/teknomers.com\/fr\/alerte-vmware-desinstallez-eap-maintenant-une-faille-critique-met-active-directory-en-danger\/"},"modified":"2024-02-21T23:37:30","modified_gmt":"2024-02-22T01:37:30","slug":"alerte-vmware-desinstallez-eap-maintenant-une-faille-critique-met-active-directory-en-danger","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/alerte-vmware-desinstallez-eap-maintenant-une-faille-critique-met-active-directory-en-danger\/","title":{"rendered":"VMware Alert: Uninstall EAP Now &#8211; Critical Flaw Puts Active Directory at Risk"},
"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">February 21, 2024<\/span> <span class=\"author\">Newsroom<\/span><\/span> <span class=\"p-tags\">Active Directory \/ Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>VMware is urging users to uninstall the deprecated Enhanced Authentication Plug-in (EAP) following the discovery of a critical security flaw.<\/p>\n<p>Tracked as <strong>CVE-2024-22245<\/strong> (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.<\/p>\n<p>&#8220;A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs),&#8221; the company <a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2024-0003.html\" target=\"_blank\">said<\/a> in an advisory.<\/p>\n<p>EAP, <a rel=\"nofollow noopener\" href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-702-release-notes.html\" target=\"_blank\">deprecated as of March 2021<\/a>, is a software package designed to allow direct login to vSphere&#8217;s management interfaces and tools through a web browser. It is not included by default and is not part of vCenter Server, ESXi, or Cloud Foundation.<\/p>\n<p>Also discovered in the same tool is a session hijack flaw (CVE-2024-22250, CVSS score: 7.8) that could allow a malicious actor with unprivileged local access to a Windows operating system to seize a privileged EAP session.<\/p>\n<p>Ceri Coburn of Pen Test Partners has been credited with discovering and reporting the two vulnerabilities.<\/p>\n<p>It is worth pointing out that the shortcomings only affect users who have added EAP to Microsoft Windows systems to connect to VMware vSphere via the vSphere Client.<\/p>\n<p>The Broadcom-owned company said the vulnerabilities will not be fixed, instead <a rel=\"nofollow noopener\" href=\"https:\/\/kb.vmware.com\/s\/article\/96442\" target=\"_blank\">recommending that users<\/a> remove the plug-in altogether to mitigate potential threats.<\/p>\n<p>&#8220;The Enhanced Authentication Plug-in can be removed from client systems using the client operating system&#8217;s method of uninstalling software,&#8221; it <a rel=\"nofollow noopener\" href=\"https:\/\/core.vmware.com\/resource\/vmsa-2024-0003-questions-answers\" target=\"_blank\">added<\/a>.<\/p>\n<p>The disclosure comes as SonarSource revealed multiple cross-site scripting (XSS) flaws (CVE-2024-21726) affecting the Joomla! content management system. It has been <a rel=\"nofollow noopener\" href=\"https:\/\/developer.joomla.org\/security-centre\/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html\" target=\"_blank\">addressed<\/a> in versions 5.0.3 and 4.4.3.<\/p>\n<p>&#8220;Inadequate content filtering leads to XSS vulnerabilities in various components,&#8221; Joomla! said in its own advisory, rating the bug as moderate in severity.<\/p>\n<p>&#8220;Attackers can exploit this issue to execute code remotely by tricking an administrator into clicking a malicious link,&#8221; security researcher Stefan Schiller <a rel=\"nofollow noopener\" href=\"https:\/\/www.sonarsource.com\/blog\/joomla-multiple-xss-vulnerabilities\/\" target=\"_blank\">said<\/a>. Additional technical details about the flaw have currently been withheld.<\/p>\n<p>In a related development, several high- and critical-severity vulnerabilities and misconfigurations have been identified in the <a rel=\"nofollow noopener\" href=\"https:\/\/developer.salesforce.com\/docs\/atlas.en-us.apexcode.meta\/apexcode\/apex_intro.htm\" target=\"_blank\">Apex programming language<\/a> developed by Salesforce to build business applications.<\/p>\n<p>At the heart of the problem is the ability to run Apex code in &#8220;without sharing&#8221; mode, which ignores a user&#8217;s permissions, thereby allowing malicious actors to read or exfiltrate data, and even to provide specially crafted input to alter the execution flow.<\/p>\n<p>&#8220;If exploited, the vulnerabilities can lead to data leakage, data corruption, and damage to business functions in Salesforce,&#8221; Varonis security researcher Nitay Bachrach <a rel=\"nofollow noopener\" href=\"https:\/\/www.varonis.com\/blog\/apex-code-vulnerabilities\" target=\"_blank\">said<\/a>.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/02\/vmware-alert-uninstall-eap-now-critical.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>February 21, 2024 Newsroom Active Directory \/ Vulnerability VMware is urging users to uninstall the deprecated Enhanced Authentication Plug-in (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. &#8220;A malicious actor could trick a domain user [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":1160191,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9261,200292,4747,4168,22,4165,4161,200267,1572,231143,70523,231144,9048,4159,4171,200271,617,4955,200268,200269,200270,128318,4172,4169,196,4166,34910,4164],"class_list":["post-1160190","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-active","tag-actualites-sur-la-cybersecurite","tag-alerte","tag-comment-pirater","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-danger","tag-desinstallez","tag-directory","tag-eap","tag-faille","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-maintenant","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1160190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1160190"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1160190\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1160191"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-
json\/wp\/v2\/media?parent=1160190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1160190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1160190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}