VMware urged admins today to remove a discontinued authentication plugin exposed to¬†authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. […]

from https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-remove-deprecated-vulnerable-auth-plug-in/