VMware has urged users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to the discovery of critical security flaws, including an arbitrary authentication relay bug and a session hijack flaw.