Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking

Admins are urged to remove vSphere's vulnerable Enhanced Authentication Plug-in, which was discontinued nearly three years ago but is still widely in use.

https://www.darkreading.com/application-security/critical-vulnerability-vmware-vsphere-plugin-session-hijacking